Netgate Discussion Forum

    NAT suddenly stops working

    Category: NAT. 17 Posts, 2 Posters, 994 Views
    calvin_thefreak:

      Since yesterday I have been trying to set up pfSense as a router on my Proxmox host. Well, for the first few minutes all the NAT routing works, and some time later it doesn't anymore, but I did nothing; it seems to hiccup!

      Well, internally via the bridge, from other machines I can access the machine that I am trying to forward to. The totally stupid part now: when I restart the VM with the server that is serving the HTTP files, it will work for a few seconds and then stop working again.
      [screenshot: f0d67273-b873-4070-902f-b615f3f7238b-grafik.png]
      But the more F'd up part comes now: the 5.199.. address (masked for privacy reasons) does still work then.

      And by the way, this is a fresh pfSense install with just the IP on the WAN and a virtual IP added, and nothing else.

      KOM:

        https://docs.netgate.com/pfsense/en/latest/nat/port-forward-troubleshooting.html

        I would do a packet capture to ensure that pfSense is seeing the packets arrive on WAN and then see them being forwarded to the server on LAN. If both of those are happening then it's got nothing to do with pfSense.

        calvin_thefreak:

          Well, actually the packets are bouncing off the firewall because of the default IPv4 block rule, but that does not explain why it first worked when I restarted... well, for the first few seconds after I restarted the VM on the local net, the packets are going through
          [screenshot: 15c67cbd-7f6a-4b2a-8336-d74b85684ac6-grafik.png]
          but now there is the one problem that we have drops here.

          KOM:

            Well, the default deny rule is blocking them because they don't match your NATs. You have NATs set up for TCP 25, 80, 143, 443, 587 and 993. The traffic being blocked is to destination ports 2896, 445, 2509, 23, 5678 etc. See what I'm saying? Now the real question becomes: why are your clients trying to talk to your server on those ports? Your NATs look like standard business forwards, but the other traffic could be anything. Do you recognize these clients at all?

            calvin_thefreak:

              Additionally, I'll just post a screenshot of my config showing that nothing on the server is blocking the traffic.
              [screenshot: a9505f7c-c807-4b3c-b3f5-dd516a3b9063-grafik.png] [screenshot: 520017a6-b35e-4d19-ac04-f2164edef12a-grafik.png]

              calvin_thefreak @KOM:

                @KOM said in NAT suddenly stops working:

                Well, the default deny rule is blocking them because they don't match your NATs. You have NATs set up for TCP 25, 80, 143, 443, 587 and 993. The traffic being blocked is to destination ports 2896, 445, 2509, 23, 5678 etc. See what I'm saying? Now the real question becomes: why are your clients trying to talk to your server on those ports? Your NATs look like standard business forwards, but the other traffic could be anything. Do you recognize these clients at all?

                Well, it's a common mail server with SMTP and so on (HTTP and HTTPS also).

                Well, I see nothing wrong in this config.
                [screenshot: 42f70ebc-7092-4f40-a67e-7babe7d823db-grafik.png]

                calvin_thefreak:

                  I have changed nothing, and see here, it works again like magic... but why?!

                  KOM:

                    I think you misunderstood what I was saying. Traffic bound for tcp 25 for example will go through because you have a NAT and firewall rule to handle it. Traffic for other ports like 445 for example will be blocked by the default deny rule. The traffic you're complaining about that's being blocked is not covered by any of your NATs, so it is blocked.

                    calvin_thefreak:
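                    Added example (editor's code, not part of the original thread): the distinction KOM draws in the two posts above, between drops on ports that have no forward at all (the default deny doing its job) and drops on ports that do have a forward (a NAT or rule problem), can be checked mechanically against the firewall log instead of by eyeballing screenshots. The script below classifies pfSense filterlog "block"/"pass" entries against the list of forwarded ports from the thread. The log lines are constructed for the example, the WAN interface name `vtnet0` is an assumption, and the CSV field positions follow pfSense's documented filterlog layout for IPv4 TCP/UDP as I understand it; confirm them against your own log before relying on the output.

```python
"""Classify pfSense filterlog entries against the set of forwarded ports.

'expected_drop'   blocked, no forward exists for the port: default deny working
'forward_dropped' blocked although a forward exists: NAT or firewall rule broken
'forwarded'       passed on a forwarded port
'other'           outbound, non-WAN, non-TCP/UDP, or otherwise uninteresting
"""
from collections import Counter

# Ports the thread says are forwarded to the mail/web server.
FORWARDED_TCP_PORTS = {25, 80, 143, 443, 587, 993}

# Constructed sample log lines (not from the original post). Field layout is
# assumed to match pfSense's filterlog CSV format for IPv4; indices below are
# an assumption to verify against your own firewall log.
SAMPLE_LOG = """\
Mar  7 10:00:01 pfSense filterlog[55123]: 4,,,1000000103,vtnet0,match,block,in,4,0x0,,52,1111,0,DF,6,tcp,60,198.51.100.23,203.0.113.10,51001,445,0,S,1,,64240,,mss
Mar  7 10:00:02 pfSense filterlog[55123]: 4,,,1000000103,vtnet0,match,block,in,4,0x0,,52,1112,0,DF,6,tcp,60,198.51.100.23,203.0.113.10,51002,23,0,S,1,,64240,,mss
Mar  7 10:00:03 pfSense filterlog[55123]: 70,,,1589000000,vtnet0,match,pass,in,4,0x0,,64,1113,0,DF,6,tcp,60,192.0.2.44,203.0.113.10,40001,25,0,S,1,,64240,,mss
Mar  7 10:00:04 pfSense filterlog[55123]: 4,,,1000000103,vtnet0,match,block,in,4,0x0,,64,1114,0,DF,6,tcp,60,192.0.2.44,203.0.113.10,40002,80,0,S,1,,64240,,mss
Mar  7 10:00:05 pfSense filterlog[55123]: 4,,,1000000103,vtnet0,match,block,in,4,0x0,,64,1115,0,none,17,udp,78,198.51.100.9,203.0.113.10,5678,5678,58
"""


def parse_filterlog(line):
    """Return a dict for one IPv4 filterlog line, or None if it is unusable."""
    if "filterlog" not in line:
        return None
    csv = line.split("filterlog", 1)[1].split(":", 1)[1].strip()
    f = csv.split(",")
    if len(f) < 20 or f[8] != "4":          # IPv6 entries have a different layout
        return None
    entry = {
        "interface": f[4], "action": f[6], "direction": f[7],
        "proto": f[16], "src": f[18], "dst": f[19],
    }
    if entry["proto"] in ("tcp", "udp") and len(f) >= 22:
        entry["sport"] = int(f[20])
        entry["dport"] = int(f[21])
    return entry


def classify(entry, forwarded=FORWARDED_TCP_PORTS, wan_if="vtnet0"):
    """Label an entry; only inbound WAN TCP/UDP traffic is interesting here."""
    if entry["interface"] != wan_if or entry["direction"] != "in" or "dport" not in entry:
        return "other"
    has_forward = entry["proto"] == "tcp" and entry["dport"] in forwarded
    if entry["action"] == "block":
        return "forward_dropped" if has_forward else "expected_drop"
    return "forwarded" if has_forward else "other"


def summarize(log_text, **kw):
    """Counts per label, plus the (src, dport) pairs behind any forward_dropped."""
    counts, broken = Counter(), []
    for line in log_text.splitlines():
        entry = parse_filterlog(line)
        if entry is None:
            continue
        label = classify(entry, **kw)
        counts[label] += 1
        if label == "forward_dropped":
            broken.append((entry["src"], entry["dport"]))
    return counts, broken


if __name__ == "__main__":
    counts, broken = summarize(SAMPLE_LOG)
    print(dict(counts))
    for src, port in broken:
        print(f"forwarded port {port} blocked from {src}: check NAT target and rule")
```

Only the `forward_dropped` entries deserve attention; a long tail of `expected_drop` on 445, 23 and random high ports is ordinary internet background noise hitting the default deny, exactly as KOM describes.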

                      Yeah, I know this; only the above ports are open, that is ports 25, 80, 443, 143, 993, 587.

                      The problem here is that it suddenly stops working. I mean, HTTP works for 2 minutes, then stops, and suddenly comes back.

                      calvin_thefreak:

                        Monitor it yourself: look over at https://mail.64i.de/ and wait until it's up again... I have tested it with DSL internet and 4G on my phone.

                        I've already set up a watchdog for this; sometimes it works and sometimes not, but the strange point here is that the web server running on another virtual IP is working like a charm and the PF is forwarding all packets as desired.

                        KOM:

                          NATs don't just go up and down like an elevator. Start a packet capture on WAN and then do a test against that NAT. See if the packets hit the WAN. Then do another capture on LAN and run your test again. See if the packets are being forwarded to the LAN server. There must be something else going on. Did you check that document I linked to?

                          It's working fine for me now, 3:15pm Eastern time North America.

                          calvin_thefreak:

                            Well, maybe it's a problem with both of my ISPs; I looked at their status pages and they say that they have routing issues. But I will monitor it; I don't know why this is happening.
                            Well, from my other VPS (running at DigitalOcean, other ISP and everything) it is working, so maybe they have routing issues. Sorry for annoying any of you.
                            [screenshot: 0aa10172-f42c-4f7c-beee-d57b205603fb-grafik.png]

                            Well, maybe this seems to be a closed thread now; sorry for keeping you busy.

                            Well, look here: from my local network and from my mobile carrier it seems to be out of service at the moment. Well, at least other servers can reach it. Phew, I first thought that it is not reachable from the WWW.
                            [screenshot: e8774505-2185-4092-b5f3-ced50f88a50f-grafik.png]

                            KOM:

                              Haha, I knew it had to be something else. Coincidence is the mortal enemy of troubleshooting. Glad it is working for you now.

                              calvin_thefreak @KOM:

                                @KOM Yeah, this was truly hell for me because I knew that some of my business partners needed to receive mails. Well, I knew that SMTP/submission waits a few hours before giving up, but I just needed to fix it.

                                calvin_thefreak:

                                  Well, and actually the error was on my side too. I configured the server IPs wrong, so the port forward pointed to the wrong IP because it was still DHCP 🤦

                                  KOM:

                                    Oh geez, multiple concurrent errors are just as much fun to troubleshoot as coincidental failures.

                                    calvin_thefreak @KOM:

                                      @KOM Total mess today, but hey, now it really works because I configured static ones on the servers.

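                                      Added example (editor's code, not part of the original thread): the second root cause in the two posts above, a port forward pointing at a server address that was still a dynamic DHCP lease, is easy to catch before it bites by auditing a pfSense config backup. The script below reads a config.xml fragment and flags every NAT forward whose target lies inside a DHCP pool without a static mapping, i.e. an address the lease can move away from. The XML is constructed for the example, and the element names (`<nat><rule><target>`, `<dhcpd><lan><range>`, `<staticmap>`) follow the pfSense config layout as I understand it; treat them as an assumption and check them against your own backup.

```python
"""Audit pfSense port-forward targets against the DHCP configuration.

verdict per forward:
  'static'        target has a DHCP static mapping: stable
  'outside_pool'  target is outside every DHCP pool (manually configured): stable
  'dynamic'       target sits inside a DHCP pool with no static mapping: the
                  lease can move and the forward will silently point at nothing
  'alias'         target is a firewall alias rather than an address: not checked
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed config.xml fragment (not the poster's configuration). Element
# names are an assumption based on pfSense's config layout; verify them
# against a real backup before using this on production data.
SAMPLE_CONFIG = """<pfsense>
  <dhcpd>
    <lan>
      <enable></enable>
      <range><from>192.168.10.100</from><to>192.168.10.199</to></range>
      <staticmap><mac>52:54:00:aa:bb:cc</mac><ipaddr>192.168.10.150</ipaddr><hostname>web</hostname></staticmap>
    </lan>
  </dhcpd>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol><target>192.168.10.150</target><local-port>80</local-port><destination><port>80</port></destination></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol><target>192.168.10.120</target><local-port>25</local-port><destination><port>25</port></destination></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol><target>192.168.10.20</target><local-port>443</local-port><destination><port>443</port></destination></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol><target>MailHosts</target><local-port>993</local-port><destination><port>993</port></destination></rule>
  </nat>
</pfsense>
"""


def dhcp_pools_and_statics(root):
    """Collect (interface, first, last) pool ranges and statically mapped IPs."""
    pools, statics = [], set()
    dhcpd = root.find("dhcpd")
    if dhcpd is None:
        return pools, statics
    for iface in list(dhcpd):                       # one child element per interface
        rng = iface.find("range")
        if rng is not None and rng.findtext("from") and rng.findtext("to"):
            pools.append((iface.tag,
                          ipaddress.ip_address(rng.findtext("from")),
                          ipaddress.ip_address(rng.findtext("to"))))
        for sm in iface.findall("staticmap"):
            if sm.findtext("ipaddr"):
                statics.add(ipaddress.ip_address(sm.findtext("ipaddr")))
    return pools, statics


def in_pool(ip, pools):
    return any(lo <= ip <= hi for _, lo, hi in pools)


def audit_forwards(config_xml):
    """Return (target, local_port, verdict) for every port-forward rule."""
    root = ET.fromstring(config_xml)
    pools, statics = dhcp_pools_and_statics(root)
    nat = root.find("nat")
    results = []
    for rule in (nat.findall("rule") if nat is not None else []):
        target_txt = rule.findtext("target")
        if not target_txt:
            continue
        port = rule.findtext("local-port")
        try:
            target = ipaddress.ip_address(target_txt)
        except ValueError:                          # alias name, not an address
            results.append((target_txt, port, "alias"))
            continue
        if target in statics:
            verdict = "static"
        elif in_pool(target, pools):
            verdict = "dynamic"
        else:
            verdict = "outside_pool"
        results.append((target_txt, port, verdict))
    return results


def risky_forwards(config_xml):
    """Only the forwards that will break when a lease moves."""
    return [r for r in audit_forwards(config_xml) if r[2] == "dynamic"]


if __name__ == "__main__":
    for target, port, verdict in audit_forwards(SAMPLE_CONFIG):
        print(f"{target:>16}  port {port:>5}  {verdict}")
```

Fixing a `dynamic` hit is either of the two things the thread ends with: give the server a static address outside the pool, or add a DHCP static mapping for its MAC so the lease can never move; the audit passes either way.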
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.