Oracle listener through pfSense NAT port forward

  • I have pfSense (1.0.1, built on Sun Oct 29 01:07:16 UTC 2006) and 2 interfaces (LAN and WAN).

    pfSense LAN interface IP: 172.x.x.5/24
    LAN interface network:    172.x.x.0/24

    pfSense DMZ interface IP: 10.x.x.5/24
    DMZ network:              10.x.x.0/24

    Here is my configuration:

    My NAT in the PORT FORWARD tab:

    IF   PROTO  EXT.PORT.RANGE  NAT IP     INT.PORT.RANGE
    LAN  TCP    1521            10.x.x.30  1521
    LAN  TCP    1522            10.x.x.40  1522
    LAN  TCP    1521            10.x.x.20  1521
    LAN  TCP    21 (FTP)        10.x.x.20  21 (FTP)
    (external address for every entry: 172.x.x.5)

    My firewall rules in the LAN tab:

    PROTO    SOURCE   PORT  DESTINATION  PORT      GATEWAY  DESCRIPTION
    *        LAN net  *     *            *         *        Default LAN -> any
    TCP      *        *     10.x.x.30    1521      *        NAT Listener database 1
    TCP/UDP  *        *     10.x.x.40    1522      *        NAT Listener database 2
    TCP/UDP  *        *     10.x.x.20    1521      *        NAT Listener database 3
    TCP      *        *     10.x.x.20    21 (FTP)  *        NAT nateo reglas ftp
    -> here the rules added by the FTP helper:
    TCP      *        *     WAN address  21 (FTP)  *        NAT nateo reglas ftp

    I also tested with adding port 20, but got the same results;
    passive and active FTP both have problems (for example, they do not list the folders).

    When I try to create a NAT port forward (to pass traffic from my LAN on port 1521 to the DMZ on the same port, from any IP, and auto-add the firewall rules), then tnsping times out. The same happens for FTP through the NAT (from LAN to DMZ).

    I read all the manuals, howtos and posts from this list, for FTP in particular, and already tested with "Disable the userland FTP-Proxy application" (adding 2 rules) on the LAN of course, but I can't resolve the problem. In summary, my problem is passing the traffic from LAN to DMZ with a NAT port forward for these 2 rules (tnsping and FTP). So, do I need upgrades? Patches? Any suggestions or ideas?

    People, thanks in advance!


  • If you're using DMZ 1:1 there is no need to use NAT,
    and you are mapping * to multiple ports; that's impossible. In that case you must specify the incoming port, it cannot be all.

  • You don't port forward between LAN and DMZ, that should be strictly routing, and your default allow LAN to anything rule on the LAN interface will permit that traffic.

    Take out any NAT you have on your LAN interface. Then reboot for the heck of it. Then what happens?
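    The advice above (LAN to DMZ is plain routing, and the default LAN rule already passes it) as an added example that is not part of the thread: a small Python check over the poster's two tables. It assumes 172.16.0.0/24 and 10.0.0.0/24 in place of the masked 172.x.x.0/24 and 10.x.x.0/24 networks, flags every port forward whose NAT target sits on a directly connected interface, and evaluates the LAN rule list the way pfSense does (top to bottom, first match wins), which is also the ordering point raised in the thread's last reply.

```python
"""Added example (not from the thread): lint the poster's port-forward table and
evaluate the LAN rules top to bottom, first match wins, as pfSense does.
The 172.16.0.0/24 and 10.0.0.0/24 networks are assumed stand-ins for the
masked 172.x.x.0/24 and 10.x.x.0/24 in the post."""
from ipaddress import ip_address, ip_interface, ip_network

# Constructed interface table (assumed addresses for the masked octets).
INTERFACES = {
    "LAN": ip_interface("172.16.0.5/24"),
    "DMZ": ip_interface("10.0.0.5/24"),
}

# Constructed copy of the PORT FORWARD tab: (interface, proto, ext port, NAT IP, int port).
PORT_FORWARDS = [
    ("LAN", "TCP", 1521, "10.0.0.30", 1521),
    ("LAN", "TCP", 1522, "10.0.0.40", 1522),
    ("LAN", "TCP", 1521, "10.0.0.20", 1521),
    ("LAN", "TCP", 21, "10.0.0.20", 21),
]

# Constructed copy of the LAN tab in the poster's order:
# (proto, source, destination, destination port, description).
LAN_RULES = [
    ("*", "172.16.0.0/24", "*", "*", "Default LAN -> any"),
    ("TCP", "*", "10.0.0.30", 1521, "NAT Listener database 1"),
    ("TCP/UDP", "*", "10.0.0.40", 1522, "NAT Listener database 2"),
    ("TCP/UDP", "*", "10.0.0.20", 1521, "NAT Listener database 3"),
    ("TCP", "*", "10.0.0.20", 21, "NAT nateo reglas ftp"),
]


def interface_for(addr):
    """Name of the interface whose directly connected network holds addr, else None."""
    a = ip_address(addr)
    for name, iface in INTERFACES.items():
        if a in iface.network:
            return name
    return None


def directly_routed_forwards(forwards):
    """Flag forwards whose NAT target sits on another directly connected
    interface: the firewall already routes there, so a port forward on the
    inbound interface only adds a translation step (and a place to go wrong)."""
    findings = []
    for if_name, proto, ext_port, nat_ip, int_port in forwards:
        target_if = interface_for(nat_ip)
        if target_if is not None and target_if != if_name:
            findings.append(f"{if_name} {proto}/{ext_port} -> {nat_ip}:{int_port} "
                            f"targets {target_if}, which is directly routed; drop the NAT")
    return findings


def _proto_ok(rule_proto, proto):
    # "*" means any protocol; "TCP/UDP" means either one.
    return rule_proto == "*" or proto in rule_proto.split("/")


def _addr_ok(rule_addr, addr):
    # "*" means any address; otherwise host or network containment.
    return rule_addr == "*" or ip_address(addr) in ip_network(rule_addr, strict=False)


def first_match(rules, proto, src, dst, dport):
    """Return the description of the first rule that matches, or None when no
    rule matches (pfSense then applies its implicit default deny)."""
    for r_proto, r_src, r_dst, r_port, desc in rules:
        if (_proto_ok(r_proto, proto) and _addr_ok(r_src, src)
                and _addr_ok(r_dst, dst) and r_port in ("*", dport)):
            return desc
    return None


if __name__ == "__main__":
    for line in directly_routed_forwards(PORT_FORWARDS):
        print(line)
    # A LAN host running tnsping against the DMZ listener is already passed by
    # the default rule; the listener rule only catches that packet once it is
    # moved above the default rule.
    print(first_match(LAN_RULES, "TCP", "172.16.0.50", "10.0.0.30", 1521))
    reordered = LAN_RULES[1:] + LAN_RULES[:1]
    print(first_match(reordered, "TCP", "172.16.0.50", "10.0.0.30", 1521))
```

    Run it as a script to see all four forwards flagged and the rule that a LAN-to-listener packet hits before and after the listener rules are moved to the top of the list.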

  • Try upgrading to a version from 2007;
    the 29 Oct 2006 version is very old.
    Many bugs have been solved.

  • OK, yes, it is really important, but how do I update/upgrade to the new 2007 version? I downloaded the latest version from the site right now, and after installing to HD, the same title appears:

    built on Sun Oct 29 01:07:16 UTC 2006

    How do I do the procedure…

    First, I tried to download the live CD from:
    after choosing the mirror (in my case, for example): and then,

    and burned the ISO after uncompressing it, installed to HD, configured my interfaces, but when I browse to it (my case), it shows the same version.

    I think that this is very important: my version of pfSense is out of date, so what am I doing wrong? All the bugs still exist in this version...

    I read the blog, but it was not much help. So, help me boys.

  • Install from to have the latest RELENG version.

  • Really, thanks joba!!

  • The error with the Oracle listener NAT (default port 1521) was that I put the rules at the end of the list, so I changed that and put the firewall rules at the top of the list, and found it OK.

    PS: sorry for my English, boys.

