New guy trying to get NAT/port forwarding to work



  • Hi.  First post.  Need assist.
    I have not been able to get my below scenario to work.  Have tried ipcop, m0n0wall, pfsense.  pfSense seems by far the most complete firewall, but still no luck.

    Checked the RFC959 violation box.
    I am merely trying to forward some ports from 20.20.20.5 over to 192.168.6.3.
    Opened all ports (1-65535) out of frustration at just getting the few I really wanted.
    Didn't do anything with the Virtual IPs and CARP menu - not sure of what it really means yet.
    This seems to be a really no-brainer configuration but not working for me.

    WireShark on WinXP with "host 192.168.6.48 and host 20.20.20.1" gives nothing.
    pfsense firewall log shows this (test with ftp) - doesn't seem to be forwarded.
    (passed) Jan 6 19:50:40 WAN 192.168.6.2:137 192.168.6.3:137 UDP
    (passed) Jan 6 19:44:09 WAN 20.20.20.5:42752 192.168.6.3:21 TCP:S

    Please, does anyone know what I am missing?  I use at home a Juniper Netscreen NS5GT so am not a total novice with all this, but I am baffled.

    Thanks much,

    Jim

    PC Linux client on 20.20.20.5  => pfsense (WAN 20.20.20.1, LAN 192.168.6.48) to PC WinXP on 192.168.6.3

    PCLinux Client
    20.20.20.5 (single interface)
    netstat -r:
    Dest 20.20.20.0  * 255.255.0.0
    ifconfig shows up

    pfsense firewall

    re0 interface
    LAN 192.168.6.48
    netmask 255.255.252.0
    ----------------
    re1 interface
    WAN 20.20.20.1
    netmask 255.255.252.0

    NAT:    WAN  TCP/UDP  1 - 65535  target (aliased to 192.168.6.3) (ext.: any) 1 - 65535
    Rule:  TCP/UDP  *  *  target  1 - 65535  *

    Windows XP (ipconfig /all output)
    IP Address. . . . . . . . . . . . : 192.168.6.3
    Subnet Mask . . . . . . . . . . . : 255.255.252.0
    Default Gateway . . . . . . . . . : 192.168.6.1



  • Some more info.

    On WinXP 192.168.6.3, I can ping pfsense at 192.168.6.48.

    On pfsense I can ping WinXP 192.168.6.3 and get normal ping response.

    I cannot ping pfsense 20.20.20.1 from my linux 20.20.20.5.
    On pfsense if I ping any address on 20.20.20.x network, I get this weird response:

    pfhacom:~#  ping 20.20.20.252
    PING 20.20.20.252 (20.20.20.252): 56 data bytes
    36 bytes from pfhacom.local (192.168.6.48): Time to live exceeded
    Vr HL TOS  Len  ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 5400 b029  0 0000  01  01 3eff 192.168.6.48  20.20.20.252

    Thanks,

    baffled Jim



  • OK.  That was dumb.  The ping to any 20.20.20.x address was actually not responded to.  Just all that info telling me about it.

    Jim

