Problem with portforward on 1.2.3-release?



  • Hi all

    I have quite a few portforwards enabled currently, and I need to create some more, but for some reason it fails.

    I want to access a ssh console on a server, so I create a rule like the attachment.

    But I can't access it; when I try, I quickly get a disconnect.
    This is the packet capture on the pfsense:
    12:30:39.602003 IP (tos 0x0, ttl 119, id 51572, offset 0, flags [DF], proto TCP (6), length 48) 193.219.x.x.57723 > 87.61.18.x.5001: S, cksum 0xc25f (correct), 3894124159:3894124159(0) win 64512 <mss 1260,nop,nop,sackOK>
    12:30:39.602366 IP (tos 0x0, ttl 63, id 27724, offset 0, flags [DF], proto TCP (6), length 48) 87.61.18.x.5001 > 193.219.x.x.57723: S, cksum 0x9170 (correct), 2568846377:2568846377(0) ack 3894124160 win 5840 <mss 1460,nop,nop,sackOK>
    12:30:39.624798 IP (tos 0x0, ttl 119, id 29446, offset 0, flags [DF], proto TCP (6), length 40) 193.219.x.x.57723 > 87.61.18.x.5001: ., cksum 0xd903 (correct), ack 1 win 64512
    12:30:39.646227 IP (tos 0x0, ttl 63, id 44118, offset 0, flags [DF], proto TCP (6), length 60) 87.61.18.x.5001 > 193.219.x.x.57723: P, cksum 0x0573 (correct), 1:21(20) ack 1 win 5840
    12:30:39.669036 IP (tos 0x0, ttl 120, id 9303, offset 0, flags [DF], proto TCP (6), length 40) 193.219.x.x.57723 > 87.61.18.x.5001: R, cksum 0xd4fc (correct), 3894124160:3894124160(0) win 0



  • Nobody that has anything on this?  ??? Catastrophic!  >:(

    If I NAT port 22->port 22, ergo, not port translation, then it works perfectly.
    Should I recreate the question in install/configure, or?



  • this is odd indeed.  i have an ssh portforward on a non-standard port to a host behind pfsense and it works just fine.  the RST is coming from the host behind pfsense.  what is it?  freenas?  something else?



  • I've tried both against the QNAP NAS, and a SLES 10 Linux. No change.
    I've also tried towards an HTTP server running some surveillance on a QNAP VS-101.
    Same results.
    This is an upgrade of an upgrade. I'm wondering if I should try a fresh start.
    My only worry is that I've had some problems in moving parts of configs over (I would hate to reenter all the statically defined DHCP leases, etc.).

    And I also have a 'lot' of NATs previously defined, that work fine. But if I create a new one, then noooo.

