Strange NAT behaviour
-
Hello:
I have a pfSense firewall behind a Cisco one (double NAT). All public traffic filtering is done on the Cisco. The pfSense WAN is the Cisco LAN. In pfSense I set up PAT from the WAN (Cisco LAN) to several Windows Servers in the pfSense LAN. One of the port redirections is the same for all the servers: from several port numbers on the WAN interface to port 3389 on all pfSense LAN servers. This traffic must be available from several public origins and from all IPs in the Cisco LAN (pfSense WAN). All rules are working as expected on the Cisco and in pfSense, except one of them. There is a pfSense rule that only works for public traffic, not for traffic originated in the Cisco LAN. This is very strange, since all NAT rules are the same, there are no other rules defined, and all of them are working for all traffic (public and Cisco LAN), except this one, which is only working for public traffic. Initially I was thinking about a problem in the server, but then why is public traffic working? Once this public traffic passes through the Cisco firewall it reaches pfSense in the same way as traffic originated in the Cisco LAN, so both of them must work or fail at the same time. The Windows firewall on the affected server is disabled, and there is no antivirus. The pfSense log shows these two state entries for the affected traffic (traffic to the redirected port, originated in the pfSense WAN network = Cisco local network):
WAN tcp 10.0.0.51:61690 -> 192.168.40.32:3389 (10.0.0.40:40401) CLOSED:SYN_SENT
LAN tcp 10.0.0.51:61690 -> 192.168.40.32:3389 SYN_SENT:CLOSED
And the log says the traffic has been blocked by the Default deny rule IPv4 (1000000103).
Any help would be very appreciated. Thanks.
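When troubleshooting a report like this one, the first thing to pin down is what the two state entries actually say: the WAN entry shows the SYN was accepted and translated (the `(10.0.0.40:40401)` NAT address), the LAN entry shows it was re-emitted towards the server, but neither entry ever reaches ESTABLISHED, so no SYN-ACK was matched back into the state. The script below is an added example, not code from the post or from the pfSense project; it parses state lines in the layout quoted above (the layout is an assumption taken from those two lines), groups them per flow, and flags flows whose handshake never completed so they can be correlated with the default-deny log entries. The extra ESTABLISHED flow is constructed sample data.

```python
import re
from collections import defaultdict

# Assumed state-table layout, taken from the two lines quoted in the post:
#   IFACE proto src:port -> dst:port [(nat_ip:port)] STATE_SRC:STATE_DST
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+\((?P<nat>[^)]+)\))?\s+(?P<state_src>\S+):(?P<state_dst>\S+)\s*$"
)

# Constructed sample: the two entries from the post plus one healthy
# (fully established) redirected RDP flow for contrast.
SAMPLE_STATES = [
    "WAN tcp 10.0.0.51:61690 -> 192.168.40.32:3389 (10.0.0.40:40401) CLOSED:SYN_SENT",
    "LAN tcp 10.0.0.51:61690 -> 192.168.40.32:3389 SYN_SENT:CLOSED",
    "WAN tcp 10.0.0.60:50000 -> 192.168.40.10:3389 (10.0.0.40:40402) ESTABLISHED:ESTABLISHED",
    "LAN tcp 10.0.0.60:50000 -> 192.168.40.10:3389 ESTABLISHED:ESTABLISHED",
]


def parse_state(line):
    """Parse one state line into a dict, or return None if it does not match."""
    m = STATE_RE.match(line.strip())
    return m.groupdict() if m else None


def group_by_flow(lines):
    """Group state entries by (proto, src, dst) so WAN and LAN halves sit together."""
    flows = defaultdict(list)
    for line in lines:
        entry = parse_state(line)
        if entry:
            flows[(entry["proto"], entry["src"], entry["dst"])].append(entry)
    return flows


def find_half_open(lines):
    """Return flows where a SYN was seen but no interface reached ESTABLISHED.

    Such a flow means the forward SYN was translated and forwarded, but the
    reply never matched the state, which is what the post's two entries show.
    """
    result = []
    for key, entries in group_by_flow(lines).items():
        states = {s for e in entries for s in (e["state_src"], e["state_dst"])}
        if "SYN_SENT" in states and "ESTABLISHED" not in states:
            result.append({
                "flow": key,
                "ifaces": [e["iface"] for e in entries],
                "nat": [e["nat"] for e in entries if e["nat"]],
            })
    return result


if __name__ == "__main__":
    for item in find_half_open(SAMPLE_STATES):
        proto, src, dst = item["flow"]
        print(f"half-open {proto} {src} -> {dst} via {item['ifaces']} nat={item['nat']}")
```

Running it on the sample prints only the 10.0.0.51 flow, with both interfaces present and the WAN-side translation recorded; the established flow is not reported. Feeding it a full state dump lets you confirm quickly whether a "blocked by default deny" log line belongs to a flow that never got its SYN-ACK matched, rather than to a rule ordering problem.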