    SYN_SENT:CLOSED

    NAT
    • H
      hwd1 last edited by

      Hi all.

      pfSense is totally great, but…

      I have a problem.

      My setup:

      Remote site (PFsense) ------- Internet------- Local site (PFSense) Lan
      192.168.1.0/29                <---IPsec--->      192.168.2.0/29

      On my local site I have some time reg software running that checks with 2 servers on the internet.
      It's running on port 28001.

      I keep getting this:

      tcp 192.168.2.244:4461 -> (My WAN IP):47235 -> (Svr 1 pub. IP):28001 SYN_SENT:CLOSED 
      tcp (Svr 1 pub. IP):28001 <- 192.168.2.244:4462 CLOSED:SYN_SENT 
      tcp 192.168.2.244:4462 -> (My WAN IP):23168 -> (Svr 1 pub. IP):28001 SYN_SENT:CLOSED

      Anyone have an idea?

      Cheers Henrik

      • D
        danswartz last edited by

        You have 192.168.2.0/29 listed for local LAN, but the host you are using is 192.168.2.244, which is not in that subnet - did you change the addresses before posting?  Also, it would be helpful to list rules, NAT, etc…

        • H
          hwd1 last edited by

          Hi.

          It's me that is not correct.

          Remote site (PFsense) ------- Internet------- Local site (PFSense) Lan
          192.168.1.1                      <---IPsec--->      192.168.2.1
          255.255.255.0                                            255.255.255.0

          The resource that I'm trying to connect to is a public address which is not on my remote or local site.

          • H
            hwd1 last edited by

            So there is no publishing rule involved.
            Only outgoing NAT.

            • D
              danswartz last edited by

              I don't understand.  It is a public IP for some external host?  If so, why are you showing the two sites and IPSEC, etc…?  Can you be clearer about your network setup?

              • H
                hwd1 last edited by

                The service I'm trying to get is somewhere on the internet, so not on any of my servers on either site 1 or 2.

                I believed that it could have something to do with my IPSec tunnel.

                • D
                  danswartz last edited by

                  I'm sorry, it is very frustrating to help when I am getting answers that are so brief (and without the content I am asking for.)  One last time, can you be more specific about your network setup?  Do other services (external) work from that site, or just the one.  Etc…

                  • H
                    hwd1 last edited by

                    Sorry, I'm trying… :-)

                    I have a server with more virtual servers and a pfSense as firewall; when the server was located here in house all worked fine.
                    This week I moved the server to a hosting site and made an IPSec from local to the hosting site.
                    I installed a new pfSense firewall here on the local site, and since then the time reg has not worked...

                    I have my local LAN 192.168.2.1 and an IPSec tunnel to my remote site 192.168.1.1 where I have my DNS, mail and so on.
                    All working very well...

                    Here on my local site all internet is working fine using the DNS on the remote site, except port 28001. The time reg service is located on a company site somewhere, so a public service; that's why the public IP address. It is not on any of my servers or LAN.

                    Hope this clears some of my bad writing up :-D

                    • D
                      danswartz last edited by

                      okay, silly question here: can you access any other services on that outside server, or can you not do anything at all with it?

                      • H
                        hwd1 last edited by

                        It's not a silly question… :-)

                        Do you mean the time reg server?
                        I can ping it and get a response, but there are no other services on the time reg server that I can access; it's only open for port 28001.

                        • D
                          danswartz last edited by

                          well if you can ping it, that eliminates a whole different set of possible errors.  is it possible the server on that host is blocking your request?  some sort of ACL or firewall rule?  Can you access that port 28001 service from the other pfsense LAN?

                          • H
                            hwd1 last edited by

                            How can I try that?
                            I cannot install the time reg client on any of my servers; it is not supported.

                            • D
                              danswartz last edited by

                              What do you mean "it is not supported"?

                              • H
                                hwd1 last edited by

                                The software is for time reg. when we meet at work and leave.
                                I cannot install it on any of the servers; the OS is not supported.
                                And I only have server OS installed on the host located in the hosting site.

                                • D
                                  danswartz last edited by

                                  ah, okay, well that is not important.  it is pretty clear from the debug info you sent that it is not an application issue.  so the question: from the other pfsense site, open a command prompt and do 'telnet TIMESERVER 28001' and see if you can even connect.  Obviously replace TIMESERVER with the real IP :)

                                  • H
                                    hwd1 last edited by

                                    Get "connection closed by remote host" when using PuTTY.

                                    • D
                                      danswartz last edited by

                                      now try again from your original LAN.

                                      • H
                                        hwd1 last edited by

                                        $mñ▐╦\╫ %Φæo

                                        Connection to host lost.

                                        • D
                                          danswartz last edited by

                                          so it got disconnected too?  just so i understand this correctly: you are using telnet to connect to the exact same host that the program can't?  e.g. if you connect manually, it gets disconnected right away, but the other software gets the CLOSED/SYN_SENT hang?

                                          • H
                                            hwd1 last edited by

                                            The last 2 posts are output from telnet, and the firewall comes with SYN_SENT:CLOSED.

                                            • D
                                              danswartz last edited by

                                              Oh, okay, I misremembered what the CLOSED meant.  Are you sure the server with port 28001 is not somehow blocking you?  If it is closing the connection it sounds like you can get there okay but are being rejected, which would not be pfsense-related.

                                              • D
                                                danswartz last edited by

                                                Just to sanity check: when you try to connect using telnet, do you get the same "SYN_SENT/CLOSED" thing?

                                                • H
                                                  hwd1 last edited by

                                                  Yes I did. It somehow got to work tonight after I reinstalled the firewall… weird.
                                                  Still running from the same public IP address, so I don't think it is the IP that's blocked at the other end.
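
The manual telnet check used in this thread, written as a repeatable probe (an added example, not part of any post above). It separates "SYN never answered" from "refused" and from "connected, then closed by the remote host", which telnet output alone blurs; the names `probe` and `loopback_demo` and the outcome labels are hypothetical, and the demo runs only against a constructed loopback listener.

```python
import socket
import threading


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt, as the manual telnet test does by eye."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # SYN never answered: pf would show this flow as SYN_SENT:CLOSED.
        return "no_reply"
    except ConnectionRefusedError:
        return "refused"  # an RST came back: reachable, but nothing listening
    except OSError as exc:
        return "error:" + type(exc).__name__  # e.g. no route, DNS failure
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(64)
        except socket.timeout:
            return "open_silent"  # handshake done, server waits for the client
        except ConnectionResetError:
            return "reset_after_connect"
        # An empty read means the peer closed right after the handshake.
        return "open_data" if data else "closed_by_peer"


def loopback_demo():
    """Constructed offline check: a listener that hangs up, then a closed port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_and_close():
        conn, _ = srv.accept()
        conn.close()

    worker = threading.Thread(target=accept_and_close, daemon=True)
    worker.start()
    hung_up = probe("127.0.0.1", port)
    worker.join()
    srv.close()
    refused = probe("127.0.0.1", port)  # listener gone, so the port is closed
    return hung_up, refused


if __name__ == "__main__":
    print(loopback_demo())
```

Run from both LANs against the same host and port, a `no_reply` result on one side only points at the path or firewall on that side, while `closed_by_peer` from both sides points at the remote service.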
