Netgate Discussion Forum
    Port forwarding on a LAGGed WAN interface

      mstaffa81:

      Hello everyone,

      New user here on the forum, and I'm sorry if this is a stupid question.

      Basics

      I'm something of an intermediate hobbyist networking guy and I recently discovered my modem (Arris SB8200) has the ability to turn its two ethernet ports into a LAGG. I of course wanted to try it out, and lo and behold it works beautifully... except for one specific caveat.

      I can't access any of the services behind my firewall because the NAT port-forwards I set up aren't working. I've logged into the router through a back channel and verified they're still in place and that the firewall rules are still effective (they are), and I am definitely still getting internet on my regular LAN-connected devices without trouble.

      I'm sure this is some sort of routing problem with multiple ethernet MACs on the public interface, but I'm not sure how I can fix it.

      Specifics

      Hardware

      Modem: Arris SB8200 (2x GB Ethernet, 1x Coaxial)
      Router: pfSense (4x GB Ethernet [Quotum device])
      Switch: Netgear 16 port PoE, Fully managed

      Topography

      My setup follows a pretty basic topography. The modem is at the top receiving a single public IP address from my ISP; it passes traffic between itself and the WAN of my pfSense router, which passes traffic between itself and the switch (to which all the rest of my LAN segments are connected, either physically or virtually from a hypervisor).

      Connections

      All relevant connections are LAGGs: from the modem to the router, the router to the switch, and the switch to my hypervisors (running services, etc.).

      | Link | Aggregation |
      | --- | --- |
      | Modem <-> Router | 2x Ethernet ports in LACP |
      | Router <-> Switch | 2x Ethernet ports in Round-Robin |
      | Switch <-> Hypervisor | 2x Ethernet ports in Round-Robin |

      I can't reach any services that rely on NAT from inside or outside the network. I get a "No route to host" error on either side for SSH (port 22) or anything else.

      Any help or suggestions are appreciated.

      Derelict (LAYER 8, Netgate), replying to @mstaffa81:

        @mstaffa81 Port forwarding on a lagg is no different than port forwarding on a single, non-aggregated interface.

        Unless there is something that doesn't work correctly in the upstream device.

        You didn't post any specifics as to what, exactly, you have done.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        mstaffa81, replying to @Derelict:

          @derelict Dumb fix fixed it, had to remake the NAT rules for whatever reason.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.