Netgate Discussion Forum

    New guy trying to get NAT/port forwarding to work

    • j1mw3b

      Hi.  First post.  Need assist.
      I have not been able to get my below scenario to work.  Have tried ipcop, m0n0wall, pfsense.  PFsense seems by far the most complete firewall, but still no luck.

      Checked the RFC959 violation box.
      I am merely trying to forward some ports from 20.20.20.5 over to 192.168.6.3.
      Opened all ports (1-65535) out of frustration at just getting the few I really wanted.
      Didn't do anything with the Virtual IPs and CARP menu - not sure of what it really means yet.
      This seems to be a real no-brainer configuration but it is not working for me.

      WireShark on WinXP with "host 192.168.6.48 and host 20.20.20.1" gives nothing.
      pfsense firewall log shows this (test with ftp) - doesn't seem to be forwarded.
      (passed) Jan 6 19:50:40 WAN 192.168.6.2:137 192.168.6.3:137 UDP
      (passed) Jan 6 19:44:09 WAN 20.20.20.5:42752 192.168.6.3:21 TCP:S

      Please, anyone know what I am missing?  I use at home a Juniper Netscreen NS5GT so am not a total novice with all this, but I am baffled.

      Thanks much,

      Jim

      PC Linux client on 20.20.20.5  => pfsense (WAN 20.20.20.1) (LAN 192.168.6.48) to PC WinXP on 192.168.6.3

      PCLinux Client
      20.20.20.5 (single interface)
      netstat -r:
      Dest 20.20.20.0  * 255.255.0.0
      ifconfig shows up

      pfsense firewall

      re0 interface
      LAN 192.168.6.48
      netmask 255.255.252.0
      ----------------
      re1 interface
      WAN 20.20.20.1
      netmask 255.255.252.0

      NAT:    WAN  TCP/UDP  1 - 65535  target (aliased to 192.168.6.3) (ext.: any)  1 - 65535
      Rule:  TCP/UDP  *  *  target  1 - 65535  *

      Windows XP (ipconfig /all output)
      IP Address. . . . . . . . . . . . : 192.168.6.3
      Subnet Mask . . . . . . . . . . . : 255.255.252.0
      Default Gateway . . . . . . . . . : 192.168.6.1

      • j1mw3b

        Some more info.

        On WinXP 192.168.6.3, I can ping pfsense at 192.168.6.48.

        On pfsense I can ping WinXP 192.168.6.3 and get normal ping response.

        I cannot ping pfsense 20.20.20.1 from my linux 20.20.20.5.
        On pfsense if I ping any address on 20.20.20.x network, I get this weird response:

        pfhacom:~#  ping 20.20.20.252
        PING 20.20.20.252 (20.20.20.252): 56 data bytes
        36 bytes from pfhacom.local (192.168.6.48): Time to live exceeded
        Vr HL TOS  Len  ID Flg  off TTL Pro  cks      Src      Dst
        4  5  00 5400 b029  0 0000  01  01 3eff 192.168.6.48  20.20.20.252

        Thanks,

        baffled Jim

        • j1mw3b

          OK.  That was dumb.  The ping to any 20.20.20.x address was actually not responded to.  Just all that info telling me about it.

          Jim

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.