NAT / Port Forward issue
-
@mrdeckard So this web server at .118 has full access, can ping out to 8.8.8.8 etc? Your trace shows no response. I would do a capture on LAN when you run your test to make sure the packets are making their way through pfSense to the web server.
-
Hi @kom ,
Thank you for the reply.
I confirm that I can ping 8.8.8.8. Soon I will try to make a capture on the webserver side. I'll let you know the outcome of the capture. Thanks again for your help.
-
@mrdeckard Make sure you go through that list I linked to. It's always something in that list that turns out to be the problem.
-
Hi @kom,
I checked the troubleshooting procedures written in your link. It seems OK to me, and I have a doubt about the correct configuration of the gateway on the receiving machine (webserver). Can I show you the webserver routing table? I made the capture on the webserver side, and in fact, I find it strange. Below I show the capture made with tcpdump on eth1 (192.168.0.118) of the webserver when calling the public address of pfsense on port 8080. I find the indication TCP Out-Of-Order very strange, and then follow the TCP retransmissions coming from my browser placed behind the router of my office.
In fact, there never seems to be a response back from the webserver. What do you think? What useful information could I investigate?
Thank you so much.
-
@mrdeckard What does the web server show for:
ip route show
-
Hi @kom,
I am very sorry to only be able to answer just now. Unfortunately, I've been on the road these days and couldn't get to my test servers.
Before showing you the information on routing tables, I would like to thank you again for your support and your great spirit of help.
My web server's routing table is the following:
As you can see, the address of 195.xxx.xxx.xxx is the IP class from the public side. So the public address exposed by the eth0 network interface is 195.xxx.xxx.91, while on eth1, there is the LAN side (192.168.0.118).
If it can be useful, observing the various, I observe a strange thing. For example, if I go to Status -> Gateway, I observe the following:
It appears that the Gateway on the public side is "duplicated" (forgive me for the lack of knowledge of pfsense and possibly some concepts), and one of the duets appears to be in a "Pending" state. I can not understand.
I thank you again!
-
@mrdeckard Looks like your config has a problem. What do you have under System - Routing - Gateways?
-
Hi @kom ,
under System - Routing - Gateways I have the following situation:
Do you have any advice for me? Do you think it could be something I did wrong during the setup or something that went wrong during the installation?
Thank you so much!
-
@mrdeckard I don't know why you have two identical gateways but that can't be good. The second one appears to be the default created by pfSense. I would delete the first one and then try again.
Edit: I just noticed that the gateway set for your web server seems to be the public IP address of your WAN. It should be your pfSense LAN IP address.
-
Hi @kom,
Excuse me. I realized right now that the real problem was in setting up my gateway on the webserver! So your observation is absolutely correct.
I corrected the Gateway on the webserver, setting it to the router/firewall address (on the private interface of pfsense 192.168.0.1).
Now the system works as expected. I learned that you need to check the troubleshooting guidelines not 5 but 10 times!
Troubleshooting NAT Port Forwards
Thank you very much and thanks for your patience and support.
Thanks sincerely.
-
Hi @chpalmer,
You were right; the problem was an incorrect gateway configuration on the webserver. Thanks again!
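
An added example, not part of the thread or any poster's code: a Python check of the condition that resolved it, namely that the web server's preferred default route points at the pfSense LAN address (192.168.0.1) so replies to forwarded connections return through the firewall. The route tables, the 203.0.113.0/24 addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ip route show` output (not the poster's real tables; public
# addresses use the 203.0.113.0/24 documentation range).
BROKEN = """\
default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.91
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.118
"""
FIXED = """\
default via 192.168.0.1 dev eth1
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.118
"""

def _after(fields, key):
    """Value following `key` on a route line, or None (tolerates flags like onlink)."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else None

def default_routes(ip_route_output):
    """Return (metric, gateway, device) for each default route, preferred route first."""
    routes = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if fields and fields[0] == "default":
            metric = int(_after(fields, "metric") or 0)
            routes.append((metric, _after(fields, "via"), _after(fields, "dev")))
    return sorted(routes, key=lambda r: r[0])

def check_reply_path(ip_route_output, firewall_lan_ip, lan_cidr):
    """Return (ok, reason): do replies to internet clients go back through the firewall?"""
    routes = default_routes(ip_route_output)
    if not routes:
        return False, "no default route: replies to internet clients have no path"
    _, gateway, dev = routes[0]
    if gateway is None:
        return False, f"default route on {dev} has no gateway address"
    if ipaddress.ip_address(gateway) not in ipaddress.ip_network(lan_cidr):
        return False, f"default gateway {gateway} ({dev}) is outside {lan_cidr}: replies bypass the firewall"
    if gateway != firewall_lan_ip:
        return False, f"default gateway {gateway} is on the LAN but is not the firewall ({firewall_lan_ip})"
    return True, f"replies return via the firewall at {gateway} on {dev}"

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_reply_path(table, "192.168.0.1", "192.168.0.0/24"))
```

On a real host, pass the text of `ip route show` in place of the constructed tables.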