[Solved] Port forwarding in dual firewall setup



  • Good Day,

    We have a setup that looks like this.

             internet
                 |
                 |
                 |(wan public Ip)
          linux w/ firestarter 1.3/NAT
                 |(lan -10.10.100.1/24)
                 |
                 |wan(10.10.100.2/24)
         pfSense 1.2.1Rc1-built on Sat Sep 13 03:53:42 EDT 2008 -(NAT/dhcp/squid)
                 |192.168.1.1/24
                 |
                 |
          Internal Lan 192.168.1.1/24

    As you can see, we have a double-NATted setup. Our problem is that there are some servers on the 192.168.1.x network that need to be reached by SSH.

    I have web services that are port forwarded from Linux (i.e. port 8080) to pfSense (port 8080), then forwarded again to the destined box on its port 8080. This works.

    Now that some external users/devs need to connect to it (the 192.168.1.x box), I then set port 2222 on Linux to port 2222 of the pfSense, then to port 2222 on the destined box. This doesn't work, based on the firewall logs, though I set the port forwarding rules the same way I set the port forwarding rules for some other services/ports on the LAN.

    As I look at the firewall logs, it seems that my SSH attempts were forwarded by the Linux firewall to my pfSense box, but my pfSense box blocked/rejected them.

    Has any of you encountered this problem or have a setup like mine? Because what's strange is that I have these double port forwarding setups that work fine, but SSH does not. Is there anything special with this protocol, or does this protocol not behave when double NATted/double port forwarded and configured on a different port number? Will an upgrade to a newer version solve it? Please note that I have reset all the states after configuring the rules. What I still have not done is a reboot, because my server is 160 days up and I want it to run longer. (I want to have a longer uptime record ;D)
    Thanks.

    Here are the log screenshots.






  • Please attach NAT screenshot.



  • Thanks Eugene! :)

    It was a NAT rule that I forgot to add.. ;D

    If        Proto     Ext. port range   NAT IP          Int. port range
    WAN       TCP       2222              192.168.1.30    2222

    Please close this..SOLVED

    Happy to be with my pfSense Family!!!!
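
The failure in this thread, modelled as an added example that is not part of any post: each NAT hop needs its own forward for the port, and walking the chain hop by hop shows where it breaks. The public address `203.0.113.10` and the names `Hop` and `trace` are assumptions made for the example; the other addresses and ports come from the posts above.

```python
from typing import NamedTuple

class Hop(NamedTuple):
    name: str
    wan_ip: str     # address the previous hop has to forward to
    forwards: dict  # external TCP port -> (target_ip, target_port)

def trace(hops, entry_ip, port):
    """Follow a TCP port through each NAT hop. Returns (path, error)."""
    ip, path = entry_ip, [(entry_ip, port)]
    for hop in hops:
        if ip != hop.wan_ip:
            return path, f"{ip} is not the WAN address of {hop.name}"
        if port not in hop.forwards:
            return path, f"{hop.name} has no port forward for TCP {port}"
        ip, port = hop.forwards[port]
        path.append((ip, port))
    return path, None

# Constructed placeholder for the Linux box's public address (not on the page).
PUBLIC_IP = "203.0.113.10"
PFSENSE_WAN = "10.10.100.2"

LINUX = Hop("linux/firestarter", PUBLIC_IP,
            {8080: (PFSENSE_WAN, 8080), 2222: (PFSENSE_WAN, 2222)})
# pfSense as first configured: 8080 is forwarded, 2222 was forgotten.
# "192.168.1.x" is the thread's own elided address for the web box.
PFSENSE_BEFORE = Hop("pfSense", PFSENSE_WAN, {8080: ("192.168.1.x", 8080)})
# pfSense after adding the rule quoted in the last post.
PFSENSE_AFTER = PFSENSE_BEFORE._replace(
    forwards={**PFSENSE_BEFORE.forwards, 2222: ("192.168.1.30", 2222)})

if __name__ == "__main__":
    for label, pfsense in (("before", PFSENSE_BEFORE), ("after", PFSENSE_AFTER)):
        for port in (8080, 2222):
            path, err = trace([LINUX, pfsense], PUBLIC_IP, port)
            route = " -> ".join(f"{ip}:{p}" for ip, p in path)
            print(f"[{label}] TCP {port}: {route} {'BROKEN: ' + err if err else 'ok'}")
```
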

