Centos 7 bonded interface NAT does not seem to work.



  • Hi all,

    I have a Centos7 with bonded interface (eth0 + eth1). For some reason, I cannot get traffic to pass even though the firewall rule allows port 80 to port 80. I tried telnet and port 80 on the internal server is open.

    Has anyone encountered an issue with a bonded interface before?

    Thanks for your help in advance!

    Simon.


  • LAYER 8 Global Moderator

    @sho1sho1sho1 said in Centos 7 bonded interface NAT does not seem to work.:

    I have a Centos7 with bonded interface (eth0 + eth1)

    And what does this have to do with pfsense at all??

    Are you saying it works when you don't have bonding on your centos box?

    Troubleshooting port forwarding.
    https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html



  • Thanks for your speedy reply.

    pfsense from what I know is a firewall software. If the rules are set incorrectly, then packets can be dropped and not port forwarded. If the rules are set correctly, maybe there is a confusion since the port forwarded destination has 2 interfaces, even though they are bonded, and packets still get dropped.

    I just want to see if anyone has experience with bonded interfaces and pfsense port forwarding and got it to work. I just didn't want to spend hours of research when someone else might have figured it out...

    Cheers!


  • LAYER 8 Global Moderator

    When pfsense forwards it could care less if the dest had 1 interface or 100 of them... It will forward to 1 IP, this IP it will arp for the mac.. And this is where the traffic will be sent to.

    Pfsense doesn't care if they are bonded, or part of a lacp or port channel, since this has zero to do with how the forwarding works.

    Can pfsense ping the IP of this centos device?

    Agreed, if your port forward is not set up correctly you are going to have a bad time of it... I linked to the troubleshooting doc... This is the same doc you would use no matter how your end device is connected to the network.



  • @sho1sho1sho1
    I'm using 802.3ad bonds on two SUSE servers. However, the other end of the bonds are terminated by a Netgear switch and pfSense is connected to another port of the switch. So the bonds have nothing to do with pfSense.
    Are your bonds terminated at pfSense?



  • I removed the bond0 interface and everything seems to be working with the single interface.
    The 2 ports on the switch were set to 802.3 LAG but I used mode 6 ALB on Centos 7, which did not need 802.3 LAG... I think that was the issue. I am not exactly sure what and how that is breaking the port forwarding though...

    I'll set up the bond interface once I have everything else configured and for sure working.

    johnpoz - And what does this have to do with pfsense at all??
    You are right, nothing to do with pfsense!

    Thanks for the troubleshooting tips!
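
The mismatch described in the last post (switch ports in an 802.3 LAG, host bond in mode 6 balance-alb) can be checked from the host. The following is an added example, not part of the original thread: it reads the bonding driver's status text (on a live host, `/proc/net/bonding/bond0`) and compares the mode with the switch-side setting. The function names, the `lacp`/`static`/`none` labels and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the Linux bonding mode with the switch port setting.
# Switch requirements per mode follow the kernel bonding documentation.

# Read bonding status text on stdin, print the "Bonding Mode:" value.
bond_mode() {
    sed -n 's/^Bonding Mode: *//p' | head -n 1
}

# Map the driver's mode string to the switch setting it needs:
#   lacp = 802.3ad LAG with LACP, static = static LAG / EtherChannel,
#   none = plain, unaggregated switch ports
required_switch_setting() {
    case "$1" in
        "IEEE 802.3ad"*) echo lacp ;;
        "load balancing (round-robin)"|"load balancing (xor)"|"fault-tolerance (broadcast)")
            echo static ;;
        "fault-tolerance (active-backup)"|"transmit load balancing"|"adaptive load balancing")
            echo none ;;
        *) echo unknown ;;
    esac
}

# check_bond SWITCH_SETTING < status; returns 0 on match, 1 on mismatch.
check_bond() {
    mode=$(bond_mode)
    need=$(required_switch_setting "$mode")
    if [ "$need" = "$1" ]; then
        echo "OK: '$mode' matches switch setting '$1'"
    else
        echo "MISMATCH: '$mode' needs switch setting '$need', switch has '$1'"
        return 1
    fi
}

# Constructed sample of /proc/net/bonding/bond0 for mode 6 (balance-alb).
sample_alb() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: adaptive load balancing
Currently Active Slave: eth0
MII Status: up

Slave Interface: eth0
Slave Interface: eth1
EOF
}

# Demo with the constructed sample and the switch setting from the thread.
sample_alb | check_bond lacp || true
```

On a real host, run `check_bond lacp < /proc/net/bonding/bond0` (or `static` / `none`, depending on how the switch ports are configured).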

