New guy trying to get NAT/port forwarding to work
-
Hi. First post. Need assist.
I have not been able to get my below scenario to work. Have tried ipcop, m0n0wall, pfsense. PFsense seems by far the most complete firewall, but still no luck.
Checked the RFC959 violation box.
I am merely trying to forward some ports from 20.20.20.5 over to 192.168.6.3.
Opened all ports (1-65535) out of frustration at just getting the few I really wanted.
Didn't do anything with the Virtual IPs and CARP menu - not sure of what it really means yet.
This seems to be a really no-brainer configuration but not working for me.
WireShark on WinXP with "host 192.168.6.48 and host 20.20.20.1" gives nothing.
pfsense firewall log shows this (test with ftp) - doesn't seem to be forwarded.
(passed) Jan 6 19:50:40 WAN 192.168.6.2:137 192.168.6.3:137 UDP
(passed) Jan 6 19:44:09 WAN 20.20.20.5:42752 192.168.6.3:21 TCP:S
Please, anyone know what I am missing? I use at home a Juniper Netscreen NS5GT so am not a total novice with all this, but I am baffled.
Thanks much,
Jim
PC Linux client on 20.20.20.5 => pfsense (WAN 20.20.20.1 (LAN 192.168.6.48) to PC WinXP on 192.168.6.3
PCLinux Client
20.20.20.5 (single interface)
netstat -r:
Dest 20.20.20.0 * 255.255.0.0
ifconfig shows up
pfsense firewall
re0 interface
LAN 192.168.6.48
netmask 255.255.252.0
----------------
re1 interface
WAN 20.20.20.1
netmask 255.255.252.0
NAT: WAN TCP/UDP 1 - 65535 target(aliased to 192.168.6.3 (ext.: any) 1 - 65535
Rule: TCP/UDP * * target 1 - 65535 *
Windows XP (ipconfig /all output)
IP Address. . . . . . . . . . . . : 192.168.6.3
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.6.1
-
Some more info.
On WinXP 192.168.6.3, I can ping pfsense at 192.168.6.48.
On pfsense I can ping WinXP 192.168.6.3 and get normal ping response.
I cannot ping pfsense 20.20.20.1 from my linux 20.20.20.5.
On pfsense if I ping any address on 20.20.20.x network, I get this weird response:
pfhacom:~# ping 20.20.20.252
PING 20.20.20.252 (20.20.20.252): 56 data bytes
36 bytes from pfhacom.local (192.168.6.48): Time to live exceeded
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 b029 0 0000 01 01 3eff 192.168.6.48 20.20.20.252
Thanks,
baffled Jim
-
OK. That was dumb. The ping to any 20.20.20.x address was actually not responded to. Just all that info telling me about it.
Jim