Port-Forwarding failing for specific IP
-
Hello dear network fellows,
Are there specific (local) IP addresses that are known not to work with port forwarding? I spent a day troubleshooting port forwarding to an internal e-mail server (ports 25 and so on). In the end I ascertained that forwarding the common e-mail ports would not work with the IP 10.10.30.3 - any answers from this IP were silently dropped by the firewall and no TCP handshake succeeded. When I switched the system's IP to 10.10.30.6, all connectivity succeeded without changing other external parameters, except the NAT and firewall rules. Furthermore, port 80 worked fine on 10.10.30.3.
Is this theoretically a (known) bug in pfSense, or could there be another issue with my setup which could have caused this behaviour?
-
@iamlunchbox The answers were dropped? That sounds like the forward was working. Was the gateway correct on the mail server?
-
@steveits Ah, yes. Good point. So I guess the corresponding NAT rule did not work while the forward was fine. I used tcpdump on the Proxmox host to find out that the vserver answered the TCP SYN, but the pfSense did not forward it to the corresponding recipient.
When I edited the port forward and pointed the same port to the different IP, the handshake succeeded. I used netcat listeners on both systems and used an otherwise blank system. So, I am at a loss why it worked in one case but not in the other.
Still, it could be external hypervisor rules. But rest assured, I checked them and they all applied to both IPs due to a /24 subnet.
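The tcpdump check described in this thread (SYN reaches the server, server sends SYN-ACK, but the client's final ACK never arrives) can be turned into a small classifier. The following is an added example, not code from the thread or from pfSense/Proxmox; it parses the text format of `tcpdump -nn` and reports, per client/server pair, whether the forward delivered the SYN, whether the server replied, and whether the handshake completed. The capture lines, the client address 203.0.113.9 and the third host 10.10.30.7 are constructed for the example. A flow where the server answers but is never acknowledged is the pattern the thread describes: the forward works, but the reply is not returning through the firewall, which is what a wrong default gateway on the server looks like from the hypervisor.

```python
"""Classify TCP handshakes seen in tcpdump output to tell a broken
forward apart from a broken return path (added example, not from the
thread)."""
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` output, not a real capture.
# Flow 1: forward to 10.10.30.3:25, server answers, client never ACKs.
# Flow 2: forward to 10.10.30.6:25, full handshake.
# Flow 3: forward to 10.10.30.7:25, server never answers at all.
SAMPLE_CAPTURE = """\
12:00:00.000001 IP 203.0.113.9.51000 > 10.10.30.3.25: Flags [S], seq 1000, win 64240, length 0
12:00:00.000250 IP 10.10.30.3.25 > 203.0.113.9.51000: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:01.000001 IP 203.0.113.9.51000 > 10.10.30.3.25: Flags [S], seq 1000, win 64240, length 0
12:00:01.000250 IP 10.10.30.3.25 > 203.0.113.9.51000: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:05.000001 IP 203.0.113.9.51001 > 10.10.30.6.25: Flags [S], seq 2000, win 64240, length 0
12:00:05.000200 IP 10.10.30.6.25 > 203.0.113.9.51001: Flags [S.], seq 7000, ack 2001, win 65160, length 0
12:00:05.000400 IP 203.0.113.9.51001 > 10.10.30.6.25: Flags [.], ack 7001, win 502, length 0
12:00:09.000001 IP 203.0.113.9.51002 > 10.10.30.7.25: Flags [S], seq 3000, win 64240, length 0
"""

# Matches "IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]" in a tcpdump line.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

NO_REPLY = "no SYN-ACK from server: forward not delivering, or the host itself is dropping"
NO_ACK = ("SYN-ACK sent but never acknowledged: reply is not returning through the "
          "firewall (check the server's default gateway / return route)")
COMPLETE = "handshake completed"


def parse_line(line):
    """Return (src, sport, dst, dport, flags) for one tcpdump line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])


def handshake_report(capture_text):
    """Group segments into flows keyed by (client, cport, server, sport) and
    count SYN, SYN-ACK and handshake-completing ACK segments per flow."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in capture_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, sport, dst, dport, flags = parsed
        if flags == "S":
            # Client -> server SYN opens (or retransmits into) the flow.
            flows[(src, sport, dst, dport)]["syn"] += 1
        elif flags == "S.":
            # Server -> client SYN-ACK; key it by the client side.
            flows[(dst, dport, src, sport)]["synack"] += 1
        elif flags == "." and (src, sport, dst, dport) in flows:
            # Client -> server bare ACK; only counts for a flow whose SYN we saw.
            flows[(src, sport, dst, dport)]["ack"] += 1

    report = {}
    for key, counts in flows.items():
        if counts["ack"]:
            verdict = COMPLETE
        elif counts["synack"]:
            verdict = NO_ACK
        else:
            verdict = NO_REPLY
        report[key] = dict(counts, verdict=verdict)
    return report


if __name__ == "__main__":
    for (client, cport, server, sport), info in handshake_report(SAMPLE_CAPTURE).items():
        print(f"{client}:{cport} -> {server}:{sport}  "
              f"syn={info['syn']} synack={info['synack']} ack={info['ack']}  {info['verdict']}")
```

Run it against a capture taken on the hypervisor bridge (`tcpdump -nn -i <bridge> 'tcp port 25'`) for the server being forwarded to: repeated SYNs with matching SYN-ACKs and no ACK point at the return path rather than at the forward or NAT rule, which is the distinction the thread arrived at.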