Asking here as I'm not sure if it's a firewall or NAT problem.



  • Apologies, I'm quite new to pfSense. I'm running a coturn server in Docker; these are the ports listening when I run 'docker ps': 0.0.0.0:3478->3478/tcp, 0.0.0.0:3478->3478/udp, 0.0.0.0:5349->5349/udp, 0.0.0.0:5349->5349/tcp, 0.0.0.0:49152-49172->49152-49172/udp

    I have a few publicly available IPs which are virtual IPs in pfSense, so previously I did a 1:1 NAT with one of those to a VM and then added firewall rules allowing the ports listed above through. That worked perfectly, but I've now set up HAProxy, which is dealing with all of my machines using different subdomains, using that virtual IP. I've tried a few configurations but can't get the TURN server to join the party. I tried changing only the internal IP on the old firewall rules to the IP of the new TURN server, but that hasn't worked (I assume because I no longer use 1:1 NAT now that the VIP is serving several VMs). So then I tried a port forward with 'destination address - WAN net' and 'NAT IP' to the local machine, which works for me in other circumstances. But I'm obviously doing this wrong, because it's not working. How should I be approaching this?


  • Netgate Administrator

    Are you trying to proxy all that through HAProxy? It won't do anything with UDP traffic AFAIK, you would still need to forward that traffic as before.

    Steve



  • @stephenw10 No. I don't want to proxy anything to the TURN server. I only want to forward traffic on the ports I listed to the container, served by a virtual IP. I'd expected what I did to work. All I want is to forward those ports from '153.234.234.2' to '192.168.2.2', for example. I must be doing something really wrong, because it seems so obvious.


  • Netgate Administrator

    Ah OK, then yeah it should be just a matter of adding the port forwards for those ports.

    Try connecting to it externally then check the state table for states on those ports.

    Steve
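The external connection test Steve suggests can be done with a plain STUN Binding Request, since coturn answers those on its listening port without any TURN credentials. The script below is an added example for this thread, not code posted by anyone in it or shipped with coturn or pfSense: it builds a Binding Request (RFC 5389), sends it to the VIP on 3478 over UDP or TCP, and decodes the XOR-MAPPED-ADDRESS from the reply. A reply means the port forward and the matching WAN firewall rule both pass traffic on that port; no reply means the packet never reached the container or the answer never came back. The host and port are command-line arguments you supply; the sample response used to check the parser is a constructed byte string, not captured traffic.

```python
import os
import socket
import struct
import sys

STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes) -> bytes:
    """Build a STUN Binding Request (RFC 5389) with no attributes."""
    if len(txid) != 12:
        raise ValueError("transaction id must be 12 bytes")
    # message type, message length (0: no attributes), magic cookie, transaction id
    return struct.pack("!HHI", BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + txid


def parse_binding_response(data: bytes, txid: bytes):
    """Return (ip, port) as seen by the server from a Binding Success Response."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != STUN_MAGIC_COOKIE or data[8:20] != txid:
        raise ValueError("not a response to our transaction")
    if msg_type != BINDING_SUCCESS:
        raise ValueError(f"unexpected STUN message type 0x{msg_type:04x}")
    body = data[20:20 + length]
    off = 0
    mapped = None
    while off + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + attr_len]
        off += 4 + ((attr_len + 3) & ~3)  # attribute values are padded to 4 bytes
        if attr_type == ATTR_XOR_MAPPED_ADDRESS and value[1] == 0x01:  # IPv4 family
            # port and address are XORed with the magic cookie (RFC 5389 section 15.2)
            port = struct.unpack("!H", value[2:4])[0] ^ (STUN_MAGIC_COOKIE >> 16)
            ip_int = struct.unpack("!I", value[4:8])[0] ^ STUN_MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", ip_int)), port
        if attr_type == ATTR_MAPPED_ADDRESS and value[1] == 0x01:
            # older servers send the plain MAPPED-ADDRESS; keep it as a fallback
            mapped = (socket.inet_ntoa(value[4:8]), struct.unpack("!H", value[2:4])[0])
    if mapped is not None:
        return mapped
    raise ValueError("no mapped address attribute in response")


def probe_udp(host: str, port: int = 3478, timeout: float = 2.0):
    """Send a Binding Request over UDP; return (ip, port) or None if nothing came back."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_binding_request(txid), (host, port))
        try:
            data, _ = s.recvfrom(1500)
        except socket.timeout:
            return None
    return parse_binding_response(data, txid)


def probe_tcp(host: str, port: int = 3478, timeout: float = 2.0):
    """Same check over TCP; the forward for 3478/tcp is tested separately from 3478/udp."""
    txid = os.urandom(12)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_binding_request(txid))
        data = s.recv(1500)
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    # usage: python stun_probe.py <public VIP or hostname> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 3478
    print("udp:", probe_udp(target, target_port))
    print("tcp:", probe_tcp(target, target_port))
```

Run it from a host outside the network against the public VIP while watching Diagnostics > States on pfSense (or `pfctl -ss | grep 3478` from a shell): a state whose destination has been rewritten to the container's LAN address confirms the forward is firing. A Binding Request only exercises 3478; the 49152-49172/udp relay range is used by authenticated TURN allocations, so for those ports the state table during a real call is the check.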

