inbound traffic on QNAP Virtual Machine
-
I have pfsense 2.3.4 CE
igb0 on 10.0.1.11 -> Internet Router 10.0.1.200
igb1 on 10.0.0.250 <-> LANQNAP on static ip 10.0.0.98
VM inside on static ip 10.0.0.53
I am trying to allow traffic from an external internet IP (an AWS EC2 instance) on a specific port (1521 or 9090).
I tried to add NAT and rules on pfsense in multiple ways, but I never see traffic reaching 10.0.0.53 (checked with tcpdump),
and on pfsense I see <external ip> <-> 10.0.1.11:9090 CLOSED:SYN_SENT, though the ports are open on .53: I can connect from within the LAN from a different machine.
How can I solve this? I need some expert advice.
-
@siwik75 Ports open on LAN are not the same ports that need to be open on WAN. Each INTERFACE has its own 65535 ports. Thus, the ports need not only be open on .53, but also on PfSense WAN. "But I used NAT rules, and port forward and..." doesn't matter. NAT and port forward are processed before the firewall rules, and WAN has a deny-all in rule. So, on that interface, the packet arrives, its dest IP changes from 10.0.1.11 to 10.0.0.53, but that doesn't cause WAN to show any sympathy, because the direction is IN. It just coldly shoots down the packet. You can see this if you activate the option to log default deny rules (in the firewall logs options tab).
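The processing order described in the reply above (port forward first, then the inbound filter rules on the WAN interface, with an implicit block at the end) is modelled below in Python as an added example; it is not pfSense code and not posted by anyone in this thread. The WAN address 10.0.1.11, the VM address 10.0.0.53 and port 9090 come from the question; the external source address 203.0.113.10 is a constructed placeholder. The model shows why a WAN pass rule written against the pre-NAT WAN address never matches (the filter only ever sees the translated destination), while a rule written against the forwarded destination 10.0.0.53 does, and why with no matching rule the packet ends up in the default-deny log.

```python
"""Toy model of pf/pfSense inbound packet handling: rdr (port forward) is
applied before the filter rules, and the filter rules see the translated
destination. Constructed example; not pfSense's own implementation."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on, e.g. "igb0" (WAN)
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class PortForward:
    """NAT port forward: iface/dst:dport is rewritten to target:tport."""
    iface: str
    dst: str
    dport: int
    target: str
    tport: int


@dataclass(frozen=True)
class Rule:
    """Inbound filter rule; pfSense rules are first-match ("quick")."""
    action: str                  # "pass" or "block"
    iface: str
    dst: str                     # "any" or a CIDR such as "10.0.0.53/32"
    dport: Optional[int] = None  # None matches any destination port


def _dst_matches(pattern: str, addr: str) -> bool:
    return pattern == "any" or ip_address(addr) in ip_network(pattern, strict=False)


def apply_port_forwards(pkt: Packet, forwards: List[PortForward]) -> Packet:
    """Step 1: NAT. The first matching port forward rewrites the destination."""
    for fw in forwards:
        if fw.iface == pkt.iface and pkt.dst == fw.dst and pkt.dport == fw.dport:
            return replace(pkt, dst=fw.target, dport=fw.tport)
    return pkt


def evaluate_rules(pkt: Packet, rules: List[Rule]) -> str:
    """Step 2: filter. First matching rule wins; WAN ends with an implicit block
    (this is the "default deny" that the firewall log option makes visible)."""
    for rule in rules:
        if rule.iface != pkt.iface:
            continue
        if not _dst_matches(rule.dst, pkt.dst):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "block"


def process_inbound(pkt: Packet, forwards: List[PortForward],
                    rules: List[Rule]) -> Tuple[str, Packet]:
    """NAT runs before filtering, so the rules are matched against the
    already-translated packet. Returns (verdict, translated packet)."""
    translated = apply_port_forwards(pkt, forwards)
    return evaluate_rules(translated, rules), translated


WAN = "igb0"
FORWARDS = [PortForward(WAN, "10.0.1.11", 9090, "10.0.0.53", 9090)]
# Constructed inbound SYN from an external host to the WAN address.
INBOUND = Packet(WAN, "203.0.113.10", "10.0.1.11", 9090)


def no_wan_rule() -> str:
    """Port forward only, no WAN pass rule: the implicit deny drops it."""
    return process_inbound(INBOUND, FORWARDS, [])[0]


def rule_on_wan_address() -> str:
    """Pass rule written against the WAN IP: never matches, because by the
    time the filter runs the destination is already 10.0.0.53."""
    rules = [Rule("pass", WAN, "10.0.1.11/32", 9090)]
    return process_inbound(INBOUND, FORWARDS, rules)[0]


def rule_on_forwarded_target() -> str:
    """Pass rule written against the forwarded destination: this is the
    rule the port forward needs on the WAN interface."""
    rules = [Rule("pass", WAN, "10.0.0.53/32", 9090)]
    return process_inbound(INBOUND, FORWARDS, rules)[0]


def translated_destination() -> str:
    """What the filter actually sees as the destination after NAT."""
    return process_inbound(INBOUND, FORWARDS, [])[1].dst


if __name__ == "__main__":
    print("filter sees destination:", translated_destination())
    print("no WAN rule            :", no_wan_rule())
    print("rule on 10.0.1.11      :", rule_on_wan_address())
    print("rule on 10.0.0.53      :", rule_on_forwarded_target())
```

In pfSense terms the last case corresponds to the WAN rule the port forward's "filter rule association" creates, whose destination is the internal host, not the WAN address; the toy model ignores source matching, protocol and state tracking, which do not change the ordering point being made.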