Beta5 Port Forwarding Problem
-
Hi all,
I've set up an ALIX 6E2 with the pfSense-2.0-BETA5-4g-i386-20110203-0154-nanobsd.img. See the attached PNG to understand my topology.
I've set up several Port Forwardings on the WRAP and on the ALIX, but can't reach any of the machines behind that dual PortForward.
Forward on the WRAP:
and on the ALIX:
I hope it's a simple prob and you can help…
-
What is the "DSL address" at your second router? There should be the address from the corresponding WAN-interface, say the WAN from the alix.
-
I think I've misread something, your diagrams say the WRAP board is connected to the DSL line, and the alix board is connected to the cell network, but when you listed your port forwards it seems reversed? Looking at the interface names, the alix board has the DSL and the WRAP board has the cell (labeled WAN).
Do you have failover / load balancing set up between the two boxes? Are your rules to allow all for the lan side of your networks?
If I'm reading it correctly, you're forwarding from the HSDPA-pfsense directly to the client on the DSL-pfsense. Would you not instead port forward to the interface IP, then on the opposite box pick up the incoming and forward to the client?
HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> WAN | DSL BOX::: LAN(WRAP) >port-forward> MacBook Pro?
instead of
HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> MacBook Pro
I can only see this working if you create a tunnel between the two PFsenses, but I'm a total newb on it all.
-
I've updated the schematics to also show the interface IPs.
What is the "DSL address" at your second router? There should be the address from the corresponding WAN-interface, say the WAN from the alix.
The "DSL Address" on the second router is 10.10.2.2… As you expected!
@heavy1metal:
I think I've misread something, your diagrams say the WRAP board is connected to the DSL line, and the alix board is connected to the cell network, but when you listed your port forwards it seems reversed? Looking at the interface names, the alix board has the DSL and the WRAP board has the cell (labeled WAN).
Do you have failover / load balancing set up between the two boxes? Are your rules to allow all for the lan side of your networks?
If I'm reading it correctly, you're forwarding from the HSDPA-pfsense directly to the client on the DSL-pfsense. Would you not instead port forward to the interface IP, then on the opposite box pick up the incoming and forward to the client?
HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> WAN | DSL BOX::: LAN(WRAP) >port-forward> MacBook Pro?
instead of
HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> MacBook Pro
I can only see this working if you create a tunnel between the two PFsenses, but I'm a total newb on it all.
Yes I've setup Load-Balancing:
Here's how I'd describe my forwarding chain, using Transmission on the FreeNAS as example:
nas.mirco.home (10.10.10.11:31413) -> ALIX 10.10.10.1 LAN -> 10.10.2.2 WAN -> WRAP 10.10.2.1 LAN -> WAN … all using port 31413
or OpenVPN:
ALIX 10.10.10.1:1194 LAN -> 10.10.2.2 WAN -> WRAP 10.10.2.1 LAN -> WAN ... all using port 1194
or SSH:
ALIX 10.10.10.1:222 LAN -> 10.10.2.2:7778 WAN -> WRAP 10.10.2.1:7778 LAN -> WAN
And no, I'm not going to forward any of the ports to the UMTS interface on the ALIX.
Greetz
Mircsicz
-
Is there no one out there seeing the mistake/prob?
Here's a screeny of a complete rule, ssh in this case:
When I ssh to the WRAP and try to ssh back to the ALIX all I get is a timeout.
[1.2.3-RELEASE]
[root@wall.christel.home]/root(2): ssh -p7778 10.10.2.2
ssh: connect to host 10.10.2.2 port 7778: Operation timed out
I even checked with nmap:
nmap -p7778,31413,1194 10.10.2.2
Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-20 01:45 CET
Nmap scan report for mirco.christel.home (10.10.2.2)
Host is up (0.00059s latency).
PORT STATE SERVICE
1194/tcp filtered openvpn
7778/tcp filtered interwise
31413/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
I don't see why this rule doesn't work, please give me a hint!!!
Greetz
Mircsicz
P.S.: I already upgraded to "pfSense-2.0-BETA5-4g-i386-20110216-0353-nanobsd-upgrade.img.gz"
-
I would check under your WAN rules to make sure you are not blocking private networks. Also, if you only have port forwarding on your second NAT, you seem to be making more work for yourself. Why not put the second NAT in a DMZ and then handle your port forwarding there? Hope this helps. Another thing to try is looking at your firewall logs to see what is going on.
-
I would check under your WAN rules to make sure you are not blocking private networks.
Thanks for opening my eyes, that was the prob!!!
I'll later check to put the ALIX in a DMZ on the WRAP to ease port forwarding…
Greetz
Mirco
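The resolution above, as an added example that is not part of any post in the thread: a simplified model of a WAN ruleset in which a private-source block is evaluated before the port-forward pass rules, run against the addresses and ports quoted in the thread. The rule ordering, the RFC 1918 list and the function names `wan_verdict` and `double_nat_conflict` are assumptions made for illustration, not pfSense's generated ruleset; 203.0.113.5 is a constructed documentation address.

```python
import ipaddress

# Assumed contents of the "block private networks" option: the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Port forwards on the ALIX WAN (10.10.2.2) as described in the thread:
# WAN port -> (internal host, internal port)
FORWARDS = {
    7778: ("10.10.10.1", 222),       # SSH
    1194: ("10.10.10.1", 1194),      # OpenVPN
    31413: ("10.10.10.11", 31413),   # Transmission on the NAS
}


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def wan_verdict(src, dport, block_private):
    """Return (action, reason) for a packet arriving on the WAN interface."""
    # The private-source block comes first, so it wins over any forward.
    if block_private and is_private(src):
        return ("block", "source in private range")
    if dport in FORWARDS:
        host, port = FORWARDS[dport]
        return ("pass", f"forwarded to {host}:{port}")
    return ("block", "default deny")


def double_nat_conflict(wan_addr, block_private):
    """True when the WAN itself sits in private space and the block is on:
    every host on the upstream router's LAN is then dropped at this WAN."""
    return block_private and is_private(wan_addr)


if __name__ == "__main__":
    # Constructed packets: the ssh/nmap test from the WRAP (10.10.2.1)
    # and one public source.
    for src in ("10.10.2.1", "203.0.113.5"):
        for blockpriv in (True, False):
            print(src, 7778, "block_private=%s" % blockpriv,
                  wan_verdict(src, 7778, blockpriv))
    print("conflict on ALIX WAN:", double_nat_conflict("10.10.2.2", True))
```

A dropped packet gets no reply, which matches the `filtered` state nmap reported from the WRAP. With the option turned off, the WAN pass rules are the only filter for traffic from the upstream LAN, so keep them limited to the forwarded ports.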