NAT only works on the pfSense box, not for other clients on the LAN [solved with 2.0]



  • Please help me here… I've tried to set up a port forward to my internal web server, but it can't be done.

    The setting can only be done for SSH and the WebConfiguration that are located on the pfSense box itself (192.168.0.2), but it can't connect to the web server at another IP (192.168.0.250).

    Here I put the print screens of my settings:

    1.
    2.
    3.

    Help me solve this problem…



  • Your screenshots show different ports on the WAN rule and the port forward.



  • Thanks,
    It's like what I'm trying to do….

    My NAT setting is:

    Interface: WAN
    Protocol: TCP/UDP
    Destination: x.x.x.10
    Destination port range: 5555
    Redirect target IP: 192.168.0.250
    Redirect target port: HTTP



  • And your screenshot of WAN doesn't have that port. The nearest it has is 5331, which seems to be your management port for pfSense.



  • How can I change the auto-generated rules from NAT? The rules have been associated with the NAT rules (Filter rule association).



  • @Metu69salemi:

    And your screenshot of WAN doesn't have that port. The nearest it has is 5331, which seems to be your management port for pfSense.

    I put some new rules in the WAN firewall but it is still not working.

    Interface: WAN
    Protocol: TCP/UDP
    Source: any
    Destination: 192.168.0.250
    Destination port range: any
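
The port forward and WAN rule posted above, checked as an added example (not part of the thread). It relies on the fact that pfSense translates the destination before the WAN filter rules are evaluated, so the pass rule has to match the redirect target; the `PortForward` and `WanRule` classes are a hypothetical simplified model, and the comparison rule sets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = (1, 65535)

@dataclass
class PortForward:
    ext_port: int      # "Destination port range" on the NAT rule
    target_ip: str     # "Redirect target IP"
    target_port: int   # "Redirect target port"

@dataclass
class WanRule:         # simplified WAN pass rule (model, not pfSense's config format)
    dest: str          # "any", a host address or a CIDR network
    ports: tuple       # inclusive (low, high)

def rule_matches(rule, ip, port):
    dest_ok = rule.dest == "any" or ip_address(ip) in ip_network(rule.dest, strict=False)
    return dest_ok and rule.ports[0] <= port <= rule.ports[1]

def check_forward(fwd, rules):
    """Translation happens before filtering, so match on the redirect target."""
    if any(rule_matches(r, fwd.target_ip, fwd.target_port) for r in rules):
        return "pass"
    # Typical mistake: the rule was written for the port seen on the WAN side.
    if any(r.ports[0] <= fwd.ext_port <= r.ports[1] for r in rules):
        return "blocked: rule covers the external port, not the redirect target"
    return "blocked: no WAN rule covers the redirect target"

# Values from the thread: external port 5555 -> 192.168.0.250, HTTP (80).
FORWARD = PortForward(5555, "192.168.0.250", 80)
# Constructed rule sets for comparison.
MGMT_ONLY = [WanRule("any", (5331, 5331))]        # only the management port is open
PRE_NAT = [WanRule("any", (5555, 5555))]          # rule written for the external port
FROM_POST = [WanRule("192.168.0.250", ANY_PORT)]  # the rule posted above

if __name__ == "__main__":
    for name, rules in [("mgmt only", MGMT_ONLY), ("pre-NAT port", PRE_NAT),
                        ("from post", FROM_POST)]:
        print(f"{name}: {check_forward(FORWARD, rules)}")
```

A "pass" result only shows that the filter rule covers the translated packet; it says nothing about the upstream modem or the return path.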



  • Have you tried to boot?

    Just kidding. Your rules seem to be OK. My settings are almost the same and those work well.
    That public IP address, is it a hardware IP address or some sort of virtual IP? If virtual, what kind?



  • The external IP address is hardware based, not virtual. I assigned it manually. Reboot? Not yet… it seems the port forward only responds on the box itself and cannot go outside, because SSH and the web configuration can be accessed without any problems. :'( What version do you use? I'm using

    2.0-RC3 (i386)
    built on Thu Aug 4 12:47:50 EDT 2011

    Later I'll try to reboot after all clients have gone offline.  :-[



  • No need to boot, it was a joke.

    But the real question was: how many public IP addresses do you have, and how many are you trying to use in this setup?



  • In that box I only use one, but on the ADSL router we have 5 IPs….

    I think the problem is in the box because I can do NAT using an Untangle server to the same web server.... I think it's a bug. What version do you use?



  • Is there any reason to have a routing DSL box between the internet and pfSense? If not, try to set it up in bridging mode. That eases troubleshooting a little.
    ATM I'm using a really old version (built on Mon Jul 11 19:53:22 EDT 2011), waiting for a good time to update. I had no problems with the older ones, so I'm not expecting problems when updating.



  • No routing there… just direct to the pf box...

    The UT box runs fine for NAT; the PF box makes me want to cry  :'(



  • Check this: the WAN side of your pfSense, does it get a public IP, or what kind of address does it get?



  • Yes, it is a public IP that I put in manually. I can ping the IP from outside.



  • Does your modem get its public IP via DHCP, or do you have static IP addresses?



  • My modem was set to use the IP statically.



  • What kind of connection do you have to the internet? PPPoE, or something else?



  • Yes, PPPoE, and the connection is made in the modem.



  • What if you move PPPoE to the pfSense and leave the modem to be only a media converter (RJ45 to RJ11)?



  • That's double NAT;
    you should make a double port forward too …

    Make PPPoE dial from pfSense, with the modem just in bridge mode,
    so NAT is only on the pfSense box; that's easier to troubleshoot then.



  • @serangku:

    That's double NAT;
    you should make a double port forward too …

    Make PPPoE dial from pfSense, with the modem just in bridge mode,
    so NAT is only on the pfSense box; that's easier to troubleshoot then.

    What do you mean by double NAT? I don't understand. How can it be so complicated on the PF box, because when using the Untangle box it does just fine with a simple port forward…  :'(



  • @Metu69salemi:

    What if you move PPPoE to the pfSense and leave the modem to be only a media converter (RJ45 to RJ11)?

    I can't do that because I have 5 IPs from that modem… if I removed it, it would be too complicated for me to use the other IPs..



  • I've also got 5 static IPs and a non-contiguous block, but in the same subnet, so I created CARP VIPs for the "extra IPs"; the fifth one was given at the installation point, so there was no need to create a fifth CARP VIP.

    Please read the how-tos; those are really self-explanatory. And if you don't want to do it that way, fine, it's your decision, but then I'm not able to help you any further.



  • Thanks  :D



  • Still no luck for me doing the NAT… I've tried another distro, and the NAT went smoothly without any trouble. I need to set up the NAT in pfSense....  :'( Now using built on Wed Aug 24 10:02:03 EDT 2011



  • Screenshots would do miracles



  • This is my diagram

    How can I trace the NAT response, so I can know where the problem is? The screenshot for the firewall is on the 1st page…



  • You don't have to keep the public IP on your modem, unless you want to connect to it from WAN/LAN.

    I tried to say earlier: put everything the modem does into pfSense (PPPoE authentication etc.), so your modem is only a dummy media converter (from network jack to modem jack).



  • Thanks bro,

    So if I do the authentication from the pfSense server, can I connect other servers to the modem? My modem has 4 more free ports and I have 4 more IPs… Would the servers have their own public IPs in this setup?



  • Why do you need to put them on the modem? pfSense can handle all of those, within hardware limitations.
    Just draw a picture showing what you have and what you want. That helps a lot to "design" your network and set up pfSense.

    As an example (my setup):

    internet -- modem -- pfsense -- lan1- lan3

    5 static IPs, all handled by pfSense; with previous setups I had only one (Smoothwall didn't handle more than one, and pfSense handles as many as you want).

    Before I got the 4 extra IPs, I worked it so that every different LAN (lan1, lan2 & lan3) was NATed with one public IP; now I have each LAN with its own IP + two different public IPs for server usage.

    All servers are in lan1 as my own LAN. Servers use different public IPs than the rest of lan1.

    I wrote this up only to show that pfSense is capable of doing a lot if you set it up.



  • OK, I understand…

    I need more time to migrate to that setup... let me think first... so I need to add one more LAN in the pfSense.
    Thanks



  • OK….
    Now I can get the NAT working for the port scan only (port 80): when I use http://www.yougetsignal.com/tools/open-ports/ the port is open, but when I try to access port 80 from the web browser, it can't be displayed… How can I troubleshoot this?



  • Thanks all, the release version 2.0 has solved my problems…. =)

