Port forwarding help needed



  • I downloaded and successfully installed the 1.2.2 VMware appliance. No problems getting it to connect to my ISP.

    My config is basically this:

    ISP <-> VMWare Appliance <-> My LAN

    The VM is installed on VMWare Server 2.0, hosted by Centos 5.2.

    My problem is that any ports I try to open never open up. Meaning, if I want to open 20/21 for FTP traffic, I create the necessary rule(s) and NAT rules as well, routing the traffic to my FTP server. At first I thought: "HEY! It's the firewall on my host OS that's blocking the traffic." So I punched out 20 and 21 on the host's firewall. And nothing. So I completely disabled my host firewall. And nothing.

    I probably should have mentioned that the connection to my ISP is via a Touchstone Telephony modem (Wide Open West). I've tried to reset the modem, but I'm not convinced that it still doesn't retain the MAC address that I'd put.

    I then tried several MACs, both real and spoofed. Both have the same result: No open ports.

    Any thoughts?

    I can post config info, screenshots, etc.

    Thanks.



  • A few suggestions…

    1. Create a wide open rule to ensure it's nothing there.
    2. If you are using a Virtual IP (strongly suggested) make sure you are using the ARP/Proxy version.
    3. Create a logging rule to see if the packet is making it to the pfSense box.



  • @kalidin74:

    A few suggestions…

    1. Create a wide open rule to ensure it's nothing there.
    Already did that. And still denied access. I'm using www.canyouseeme.org to test port availability. Any scans that I've run from there, to my firewall, time out.
    2. If you are using a Virtual IP (strongly suggested) make sure you are using the ARP/Proxy version.
    Give me the quick and dirty (or not so dirty) reasoning behind a Virtual IP vs. the physical one. Thanks.
    3. Create a logging rule to see if the packet is making it to the pfSense box.
    I'm an idiot, have not tried that. Will try tonight when I get home. Will post more info then.

    I'm still wondering if it might be a case of the MAC address that is stored in my Touchstone.



  • @kalidin74:

    A few suggestions…

    1. Create a wide open rule to ensure it's nothing there.
    2. If you are using a Virtual IP (strongly suggested) make sure you are using the ARP/Proxy version.
    3. Create a logging rule to see if the packet is making it to the pfSense box.
    No entries were created when I tried routing FTP requests to a specific address. Tried to allow all FTP requests to pass without a specific path, and nothing in the logs. Which tells me that my cable modem is standing in the way.

