PFSense is totally great but…
I have a problem.
Remote site (PFsense) ------- Internet------- Local site (PFSense) Lan
192.168.1.0/29 <---IPsec---> 192.168.2.0/29
On my local site I have some time reg software running that checks with 2 servers on the internet.
It's running on port 28001.
I keep getting this:
tcp 192.168.2.244:4461 -> (My WAN IP):47235 -> (Svr 1 pub. IP):28001 SYN_SENT:CLOSED
tcp (Svr 1 pub. IP):28001 <- 192.168.2.244:4462 CLOSED:SYN_SENT
tcp 192.168.2.244:4462 -> (My WAN IP):23168 -> (Svr 1 pub. IP):28001 SYN_SENT:CLOSED
Anyone have an idea?
You have 192.168.2.0/29 listed for local LAN, but the host you are using is 192.168.2.244, which is not in that subnet - did you change the addresses before posting? Also, it would be helpful to list rules, NAT, etc…
It's me that is not correct.
Remote site (PFsense) ------- Internet------- Local site (PFSense) Lan
192.168.1.1 <---IPsec---> 192.168.2.1
The resource that I'm trying to connect to is a public address which is not on my remote or local site.
So there is no publishing rule involved.
Only outgoing NAT.
I don't understand. It is a public IP for some external host? If so, why are you showing the two sites and IPSEC, etc…? Can you be clearer about your network setup?
The service I'm trying to get is somewhere on the internet, so not on any of my servers on either site 1 or 2.
I believed that it could have something to do with my IPSec tunnel.
I'm sorry, it is very frustrating to help when I am getting answers that are so brief (and without the content I am asking for). One last time, can you be more specific about your network setup? Do other services (external) work from that site, or just the one? Etc…
Sorry, I'm trying… :-)
I have a server with multiple virtual servers and a PFsense as firewall; when the server was located here in house, all worked fine.
This week I moved the server to a hosting site and made an IPSec from local to the hosting site.
I installed a new PFSense firewall here on the local site, and since then the time reg has not worked...
I have my local LAN 192.168.2.1 and an IPSec tunnel to my remote site 192.168.1.1 where I have my DNS, mail and so on.
All working very well...
Here on my local site all internet is working fine using the DNS on the remote site, except port 28001. The time reg service is located on a company site somewhere, so a public service; that's why the public IP address. It is not on any of my servers or LAN.
Hope this clears some of my bad writing up :-D
okay, silly question here: can you access any other services on that outside server, or can you not do anything at all with it?
It's not a silly question… :-)
Do you mean the time reg server?
I can ping it and get a response, but there are no other services on the time reg server that I can access; it's only open for port 28001.
well if you can ping it, that eliminates a whole different set of possible errors. is it possible the server on that host is blocking your request? some sort of ACL or firewall rule? Can you access that port 28001 service from the other pfsense LAN?
How can I try that?
I cannot install the time reg client on any of my servers; it is not supported.
What do you mean "it is not supported"?
The software is for time reg, when we meet at work and leave.
I cannot install it on any of the servers; the OS is not supported.
And I only have server OS installed on the host located in the hosting site.
ah, okay, well that is not important. it is pretty clear from the debug info you sent that it is not an application issue. so the question: from the other pfsense site, open a command prompt and do 'telnet TIMESERVER 28001' and see if you can even connect. Obviously replace TIMESERVER with the real IP :)
Get "connection closed by remote host" when using PuTTY.
now try again from your original LAN.
Connection to host lost.
so it got disconnected too? just so i understand this correctly: you are using telnet to connect to the exact same host that the program can't? e.g. if you connect manually, it gets disconnected right away, but the other software gets the CLOSED/SYN_SENT hang?
The last 2 posts are output from telnet, and the firewall comes with SYN_SENT:CLOSED.
Oh, okay, I misremembered what the CLOSED meant. Are you sure the server with port 28001 is not somehow blocking you? If it is closing the connection it sounds like you can get there okay but are being rejected, which would not be pfsense-related.
Just to sanity check: when you try to connect using telnet, do you get the same "SYN_SENT/CLOSED" thing?
Yes I did, it somehow got to work tonight after I reinstalled the firewall… weird.
Still running from the same public IP address, so I don't think it is the IP that's blocked in the other end.