MIRC Fserv and nat port mapping help

zedpentium

Lets see… this will probably be a long post to explain what i have tried and tested. Lets Begin.

My home network looks like this
Cablemodem that give DCHP ip
Have the pfsense pc with 2 nics (1 Wan, 1 Lan.. simple) version 1.0.1 loads from CD and saves to a MMC Card via USB Cardreader.
8port 10/100mbit switch
Local ip range 192.168.0.x
3 Pcs With static set ips and dns are the external ones (from ISP)

And settings in PFsense.. to start off i have under Firewall/Rules
made 1 rule on LAN With GREEN PASS and all Proto, Source   etc  have * in em  (any)
Same on WAN
With this i dont have to bother about any firewall rules for application and games, yes its unsafe.. but i want it like that.
(i am using  soft firewalls in all 3 machines, Kerio personal firewall in this case)
And in Firewall/NAT Outbound i set it to Advanced Outbound Nat and changed the rule to have static ports
WAN    192.168.0.0/24  *  *  *  *  *  YES Auto created rule for LAN

Now all that is left is to configure Portforward:
have several rules for a FTP Server, and WebServ + mailserver to my Server machine.. all works great there.

Now the machine i want to have mirc and fserv working on has ip 192.168.0.2
and the server uses port 59
so made a rule in port forward:
WAN  TCP  59   192.168.0.2 (ext.: any)  59   Mirc DCC FServe
WAN  TCP/UDP  1030-4000  192.168.0.2 (ext.: any)  1030-4000  Mirc DCC Port Range

Problem is that ppl can access the Fserv sometimes and sometimes not. Example:
1 guy use my trigger and the connection gets established and he get in all works good and he queue up some files and then close it.
if he tries again he often cant get in.. it just tries to connect and then connection fails.. and suddenly he can connect again. (yes i tried removing my sofware firewall for the troubleshooting)
And also changed dcc fserv port to other.. and changed the rule accordingly..

I have also changed the outbound settings to ipsec passthru and also tried add a rule to advance outbound nat...  to that dcc fserv port... but it seams the incomming connection get realised by mirc..
and tried to establish a connection.. and when it fails it seams like something is missing.. some communication ports or missdirection i dont know.. but the inbound connecton always reach mirc anyway
and sending files manually never fails.. so i cant see any problem with inbound nor outgoing.. besides maybe some extra ports it uses to communicate maybe?

I appriciate ideas ;)

hoba

"ext any" in your portforwards is wrong. Set it to "interface IP".

zedpentium

Ok thank you Hoba for taking the time to read and answer my post.

So should i have all incomming portforward i do setup with "interface IP" ?? coz my mailserver and other servers on another machine in the LAN works with "ext any".

I think i did know what theese two options ment, and seams i am pretty wrong.

Using "interface IP" make the rule use the WAN cards ip.. in this case the "Real" internet ip.

So "ext any" is for if i would have more then 1 internet connection?

Thank you for a fast and efficient firewall router software mates.

hoba

"any" is for a special application like redirecting traffic that goes to "any" destination through a proxy. For all other "standard" protforwards you will use interface IP or maybe a virtual IP in case you have several IPs at you wan interface.

zedpentium

I changed all my incomming Port forwards rules to interface.

About mIRC.. still have the same issue. I am gonna get me some protocol monitor to see exaclty what happens when it fails to connect to ppls computers.

Happy New Year For PFSense and us all

/Live Well