Pfsense and OVH Configuration [HELP]
-
I have a dedicated server with two failover IPs: WAN IP 51.123.123.123 (1st Failover) and LAN IP 192.168.1.101. On this server, I've set up a virtual machine using a virtual IP (VIP) of 51.123.123.124 where I've installed my web server, CentOS 7.
To ensure external access to my applications, I've set up NAT port forwarding for ports 1433 (database) and 39101 (login). These ports are open and properly configured, as confirmed by online port checking tools like https://www.yougetsignal.com/tools/open-ports/.
The issue I'm facing is that while login attempts on port 39101 are successful, attempts to access the database on port 1433 are failing. Oddly, when attempting to access the database from outside the WAN, it works perfectly. My goal is to enable communication from port 1433 to port 39101 within my server's setup.
I'm relatively new to this, so any guidance or assistance in resolving this issue would be greatly appreciated.
-
If you're using the external IP, or a hostname that resolves to the external IP, to access that you will need to use split DNS or NAT reflection.
See: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
Steve
-
@stephenw10 Thank you for the response, but it is still the same. It is still denying attempts to access the database from 1433 going to port 39101.
-
Between which hosts? How are you connecting?
-
@stephenw10 I'm connecting to the WAN address using an IP alias, a virtual IP (VIP) specifically. Within my CentOS 7 machine, I've set up port openings for two services: port 39101 for the web server and port 1433 for the database server. Both services are hosted on the same CentOS machine.
When attempting to access port 39101 for the web server, there are no issues, and I can successfully log in. However, when I attempt to access port 1433 for the database server, the connection is initially established but then abruptly closes, without encountering any errors.
Upon examining the server logs, it becomes apparent that port 1433 is being opened but then subsequently closed. This behavior is unexpected and is hindering the intended communication between these ports.
-
Check the states in Diag > States when you're trying to connect to see what the firewall is doing. If it gets immediately rejected though, it sounds like it could be forwarding correctly and the CentOS server is blocking it.
-
@stephenw10 Here is the result. I tried to spam the login so we can capture the result.
-
Those states are for 38101 and you said 39101 above. But I see no states at all for 1433.
Is that traffic actually arriving at the WAN? Try adding logging to the pass rule on WAN. Or run pcap for port 1433 on WAN.
-
@stephenw10 Sorry, how do I perform a PCAP for 1433 on WAN?
-
In Diag > Packet Capture like:
-
@stephenw10 Hi, based on the record, it didn't reach port 1433. It is just stuck on 38101.
-
Well pfSense can't forward traffic that never arrives.
Maybe that port is blocked by OVH or your ISP.
Steve
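
The outcomes discussed in this thread (a port that connects and then closes, a port that is rejected, and traffic that never arrives) can be told apart from the client side before looking at states or a packet capture. The following is an added example, not part of the original posts: `probe`, `_listener` and `demo` are hypothetical names, and the loopback listeners are constructed stand-ins for the forwarded services.

```python
import socket
import threading
import time

def probe(host, port, timeout=3.0, hold=1.0):
    """Classify one TCP connection attempt as seen from the client."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"               # RST came back: a host answered and rejected
    except (socket.timeout, TimeoutError):
        return "timeout"               # no reply: dropped, or never arrived at all
    except OSError as exc:
        return f"error: {exc}"
    with sock:
        sock.settimeout(hold)
        try:
            data = sock.recv(1)        # wait briefly to see whether the peer hangs up
        except (socket.timeout, TimeoutError):
            return "open"              # handshake done and the peer keeps it open
        except ConnectionResetError:
            return "closed-after-connect"
        return "open" if data else "closed-after-connect"

def _listener(close_at_once):          # constructed loopback server for the demo
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        time.sleep(0 if close_at_once else 1.0)  # hold case outlasts the probe window
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def demo():
    unused = socket.socket()
    unused.bind(("127.0.0.1", 0))
    dead_port = unused.getsockname()[1]
    unused.close()                     # nothing listens on this port any more
    return {
        "accept then close": probe("127.0.0.1", _listener(True), hold=0.3),
        "accept and hold": probe("127.0.0.1", _listener(False), hold=0.3),
        "no listener": probe("127.0.0.1", dead_port, hold=0.3),
    }

if __name__ == "__main__":
    print(demo())
```

A `timeout` result from outside matches traffic that is dropped or never reaches the WAN, while `closed-after-connect` means the forward worked and the service behind it ended the session.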
-
@stephenw10 Hello sir Steve. I got some error.
I attempted to use SSH to access a CentOS 8 database server. Additionally, I used telnet to check port 38101. The connection was established, but it abruptly closed.
[Image: Port Forward Config]
[Image: NAT 1:1 Config and Outbound = Hybrid]
[Image: WAN Config]
[Image: NAT Config]
-
What do the states show when you test that?
I assume that CentOS alias contains the correct two ports?