    Help on port forwarding, please (desperately need help)

    • ?
      Guest last edited by

      Hi, I'm new to pfSense. Here's the detail of my Setup:

      1. pfSense version 1.0.1-SNAPSHOT-02-27-2007 (a VMware VM instance)
        -LAN: 192.168.1.200/24 (static, pfSense's DHCP server disabled on LAN)
        -WAN: 15.15.15.1/8 (it's a static IP setup to test port forwarding)
        -Firewall-NAT:
            -Interface: WAN
            -Ext address: Interface Address
            -Protocol: TCP
            -Ext. Port Range: HTTP (80-80)
            -NAT IP: 192.168.1.10
            -Local Port: HTTP (80)
            -Description: 'web'
            -No XMLRPC Sync: unchecked
            -Auto create was checked at rule creation (in firewall->rules showed up a new rule similar to NAT rule)
        -Firewall-Rules:
            -Action: Pass
            -Disabled: Unchecked
            -Interface: WAN
            -Protocol: TCP
            -Source: Any
            -Destination: Single host or alias, Address: 192.168.1.10
            -Destination Port Range: HTTP (80)
            -Log: checked
            -No XMLRPC Sync: unchecked
            -Gateway Default
            -Description: 'NAT web'
      2. Apache Web server at 192.168.1.10 listening at port 80 and 199
      3. Client, Knoppix Linux Live DVD v5.0.1 at WAN interface, IP address: 15.15.15.15/8 (a VMware VM instance)
      4. The setup is running on VMware Server v1.0, pfSense is at VM0, Knoppix is at VM1, the Apache Web server is at the host computer
      5. All network card setup in VMware server are set to 'Bridged', 'Connected' is checked, 'Connect at power on' is checked also.

      The Issue:
          With NAT rule and Firewall rule in place, I can't open the apache from WAN, I do get this message in
      Diagnostics: System logs: Firewall = "pf: 014529 rule 30/0(match): pass in on le1: 15.15.15.15.42585 > 192.168.1.10.80: S 2370850529:2370850529(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>". I thought at first, the web server is not running, I tried to open it locally (at the host) it's running. Then I tried to change Knoppix IP address to 192.168.1.202/24, Knoppix can open it just fine. After that I reset the Knoppix's IP address to 15.15.15.15/8. Then from pfSense, I tried to ping host, and knoppix, both are responding normally, I even tried downloading pfSense update from host(192.168.1.10) by running "fetch -o /tmp/firmware.tgz http://192.168.1.10/pfSense-update.tgz" (I renamed the update file-name because it's too long). It was working like a charm, but not from Knoppix at WAN side. Any thoughts appreciated

      The Setup (logical version):

      (Apache Web Server listening at port 80 and port 199) Host (192.168.1.10/24) <---> (LAN Interface: 192.168.1.200/24) pfSense (WAN Interface: 15.15.15.1/8) <---> (15.15.15.15/8) Knoppix Linux (Mozilla Firefox v1.5.0.3)

      Thanks in advance,

      zzz2496

      • S
        sai last edited by

        change the port for your pfS Web GUI to something other than 80.

        • H
          hoba last edited by

          @sai:

          change the port for your pfS Web GUI to something other than 80.

          This shouldn't interfere with a port redirect. You will lose access to the webgui by the WAN IP though but by LAN IP will be fine. As it is passing the traffic this is not a pfsense issue (see firewall log). Probably a vmware misconfiguration or a routing problem of some kind.

          • ?
            Guest last edited by

            @sai

            I've changed the listen port (now @ 54321) and changed the protocol too (now @ HTTPS), and as hoba said… it doesn't work... but thanks for the reply  :D

            @hoba

            If I make my knoppix's ip address to the same subnet as my host OS (192.168.1.202), it can open the apache just fine, that's why I'm wondering if I did something wrong (and vmware is operating normally afaics).
            Here's another log entry from firewall:

            "pf: 35. 801321 rule 46/0(match): pass in on le1: 15.15.15.15.39752 > 192.168.1.10.80: S 4214566814:4214566814(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>"

            but the browser keeps on timing out… I'm new to pfSense, but I know my way around computer network
            (done ICND few years ago :))

            Thanks for the reply,

            zzz2496

            • H
              hoba last edited by

              Is the apache server able to ping the knoppix host? If not maybe it's using a wrong gateway.

              • ?
                Guest last edited by

                @hoba:

                Is the apache server able to ping the knoppix host? If not maybe it's using a wrong gateway.

                @hoba, yes I can ping my knoppix host, I'm currently on ##pfsense (in away mode).

                • H
                  hoba last edited by

                  hm, still thinking it's a vmware config issue. Do the states look ok at diagnostics>states for this connection? if yes it definitely is not a pfSense issue.

                  • ?
                    Guest last edited by

                    @hoba:

                    hm, still thinking it's a vmware config issue. Do the states look ok at diagnostics>states for this connection? if yes it definitely is not a pfSense issue.

                    @hoba

                    Sorry, internet blackout just now…
                    I found the problem at last (your hint was the KEY :)) thank you sooo muchhh.
                    The problem was windows's gateway binding = idiot, I told it to get to 192.168.1.200 as gateway with higher metric number... windows is windows... if I take out one of the gateway IPs, it works like a charm... that took me 4 days... Thank you again, hoba bows :D

                    • H
                      hoba last edited by

                      Glad you got it working finally  :)

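The failure mode found in this thread, as an added example that is not part of the original posts: a small route-selection model showing why pf logs the inbound SYN as passed while the browser times out. The routing table is constructed; the second gateway 192.168.1.1, the metric values, and the choice of which gateway gets removed are assumptions, since the thread does not give them.

```python
import ipaddress

# Constructed routing table for the web server host at 192.168.1.10 (not taken
# from the thread). 192.168.1.1 is a hypothetical second gateway; the metrics
# are assumptions chosen so that pfSense (192.168.1.200) has the higher number.
ROUTES = [
    # (destination prefix, gateway or None for on-link, metric)
    ("192.168.1.0/24", None, 10),
    ("0.0.0.0/0", "192.168.1.1", 10),
    ("0.0.0.0/0", "192.168.1.200", 20),
]
PFSENSE_LAN = "192.168.1.200"


def next_hop(dst, routes):
    """Select a route by longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), gw, metric)
        for prefix, gw, metric in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None
    _net, gw, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return gw if gw is not None else "on-link"


def reply_path(client, routes, forwarder=PFSENSE_LAN):
    """Classify where the server's reply to a port-forwarded client goes."""
    hop = next_hop(client, routes)
    if hop is None:
        return "no route"
    if hop == "on-link":
        return "direct"        # same subnet: pfSense is not in the path at all
    if hop == forwarder:
        return "symmetric"     # SYN-ACK returns through the box that did the NAT
    return "asymmetric via " + hop  # SYN-ACK bypasses pfSense; the client times out


if __name__ == "__main__":
    for client in ("192.168.1.202", "15.15.15.15"):
        print(client, "->", reply_path(client, ROUTES))
    fixed = [r for r in ROUTES if r[1] != "192.168.1.1"]
    print("after removing the extra gateway:", reply_path("15.15.15.15", fixed))
```

The "direct" case matches the test where Knoppix was moved to 192.168.1.202, and the "asymmetric" case matches the WAN-side timeout despite the pass entry in the firewall log.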