Beta5 Port Forwarding Problem



  • Hi all,

    I've set up an ALIX 6E2 with the pfSense-2.0-BETA5-4g-i386-20110203-0154-nanobsd.img. See the attached PNG to understand my topology.

    I've set up several Port Forwardings on the WRAP and on the ALIX, but can't reach any of the machines behind that dual PortForward.

    Forward on the WRAP:

    and on the ALIX:

    I hope it's a simple prob and you can help…



  • What is the "DSL address" at your second router? There should be the address from the corresponding WAN-interface, say the WAN from the alix.



  • I think I've misread something, your diagrams say the WRAP board is connected to the DSL line, and the alix board is connected to the cell network, but when you listed your port forwards it seems reversed? Looking at the interface names, the alix board has the DSL and the WRAP board has the cell (labeled WAN).

    Do you have failover / load balancing set up between the two boxes? Are your rules to allow all for the lan side of your networks?

    If I'm reading it correctly, you're forwarding from the HSDPA-pfsense directly to the client on the DSL-pfsense. Would you not instead port forward to the interface IP, then on the opposite box pick up the incoming and forward to the client?

    HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> WAN | DSL BOX::: LAN(WRAP) >port-forward> MacBook Pro?

    instead of

    HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> MacBook Pro, I can only see this working if you create a tunnel between the two PFsenses, but I'm a total newb on it all.




  • I've updated the schematics to also show the interface IPs.

    @_igor_:

    What is the "DSL address" at your second router? There should be the address from the corresponding WAN-interface, say the WAN from the alix.

    The "DSL Address" on the second router is 10.10.2.2… As you expected!

    @heavy1metal:

    I think I've misread something, your diagrams say the WRAP board is connected to the DSL line, and the alix board is connected to the cell network, but when you listed your port forwards it seems reversed? Looking at the interface names, the alix board has the DSL and the WRAP board has the cell (labeled WAN).

    Do you have failover / load balancing set up between the two boxes? Are your rules to allow all for the lan side of your networks?

    If I'm reading it correctly, you're forwarding from the HSDPA-pfsense directly to the client on the DSL-pfsense. Would you not instead port forward to the interface IP, then on the opposite box pick up the incoming and forward to the client?

    HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> WAN | DSL BOX::: LAN(WRAP) >port-forward> MacBook Pro?

    instead of

    HSDPA BOX::: Internet (utorrent) > ALIX(OPT1) >port-forward> MacBook Pro, I can only see this working if you create a tunnel between the two PFsenses, but I'm a total newb on it all.

    Yes, I've set up Load-Balancing:

    Here's how I'd describe my forwarding chain, using Transmission on the FreeNAS as example:

    nas.mirco.home (10.10.10.11:31413) -> ALIX 10.10.10.1 LAN -> 10.10.2.2 WAN -> WRAP 10.10.2.1 LAN -> WAN … all using port 31413

    or OpenVPN:
    ALIX 10.10.10.1:1194 LAN -> 10.10.2.2 WAN -> WRAP 10.10.2.1 LAN -> WAN ... all using port 1194

    or SSH
    ALIX 10.10.10.1:222 LAN -> 10.10.2.2:7778 WAN -> WRAP 10.10.2.1:7778 LAN -> WAN

    And no, I'm not going to forward any of the Ports to the UMTS interface on the ALIX.

    Greetz
    Mircsicz



  • Is there no one out there seeing the mistake/prob?

    Here's a screeny of a complete rule, ssh in this case:

    When I ssh to the WRAP and try to ssh back to the ALIX all I get is a timeout.

    [1.2.3-RELEASE]
    [root@wall.christel.home]/root(2): ssh -p7778 10.10.2.2
    ssh: connect to host 10.10.2.2 port 7778: Operation timed out

    I even checked with nmap:

    nmap -p7778,31413,1194 10.10.2.2

    Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-20 01:45 CET
    Nmap scan report for mirco.christel.home (10.10.2.2)
    Host is up (0.00059s latency).
    PORT      STATE    SERVICE
    1194/tcp  filtered openvpn
    7778/tcp  filtered interwise
    31413/tcp filtered unknown

    Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds

    I don't see why this rule doesn't work, please give me a hint!!!

    Greetz
    Mircsicz

    P.S.: I already upgraded to "pfSense-2.0-BETA5-4g-i386-20110216-0353-nanobsd-upgrade.img.gz"



  • I would check under your WAN rules to make sure you are not blocking Private networks. Also if you only have port forwarding on your second NAT you seem to be making more work for yourself. Why not put the second NAT in a DMZ and then handle your port forwarding there? Hope this helps. Another thing to try is looking at your firewall logs to see what is going on.



  • @mikeisfly:

    I would check under your WAN rules to make sure you are not blocking Private networks.

    Thanks for opening my eyes, that was the Prob!!!

    I'll later check to put the ALIX in a DMZ on the WRAP to ease port forwarding…

    Greetz
    Mirco
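
Added example, not part of the thread: a small check for the condition that resolved it, where the inner firewall's WAN has "Block private networks" enabled while that WAN itself holds a private address behind another NAT router, so a test from 10.10.2.1 to 10.10.2.2 is dropped before the port forward applies. The config fragment is constructed and trimmed; the element names (`blockpriv`, `nat/rule`, `target`) are assumed to follow pfSense's config.xml layout, and the addresses and ports are the ones quoted in the thread.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Sources dropped by "Block private networks": RFC 1918 plus loopback.
BLOCKED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed, trimmed config for the inner box (the ALIX in the thread),
# whose WAN sits on the outer router's LAN at 10.10.2.2.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <wan><ipaddr>10.10.2.2</ipaddr><subnet>24</subnet><blockpriv/></wan>
    <lan><ipaddr>10.10.10.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><port>7778</port></destination>
      <target>10.10.10.1</target><local-port>222</local-port></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><port>31413</port></destination>
      <target>10.10.10.11</target><local-port>31413</local-port></rule>
  </nat>
</pfsense>
"""

def is_blocked_source(addr):
    """True if a packet from addr is dropped on an interface with blockpriv."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BLOCKED)

def audit(config_xml):
    """Port forwards on blockpriv interfaces that themselves hold a private address."""
    root = ET.fromstring(config_xml)
    findings = []
    for iface in root.find("interfaces"):
        if iface.find("blockpriv") is None:
            continue
        addr = iface.findtext("ipaddr", "")
        try:
            if not is_blocked_source(addr):
                continue
        except ValueError:  # "dhcp", "pppoe" or empty: address not static
            continue
        for rule in root.iterfind("nat/rule"):
            if rule.findtext("interface") == iface.tag:
                port = rule.findtext("destination/port")
                findings.append((iface.tag, addr, port, rule.findtext("target")))
    return findings

print(audit(SAMPLE_CONFIG))
```

Each finding is a forward that private-sourced traffic on the transit network cannot reach until the option is cleared on that interface; `is_blocked_source` shows why the probe from 10.10.2.1 came back "filtered".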

