Netgate Discussion Forum

Oracle Listener through pfsense nat port forward

    juanchoX
    last edited by Apr 17, 2007, 5:05 PM

    I have pfsense (1.0.1 built on Sun Oct 29 01:07:16 UTC 2006) and 2 interfaces (LAN and WAN)

    Scenario:
    LAN
    pfsense lan interface ip: 172.x.x.5/24
    lan interface network: 172.x.x.0/24

    WAN
    pfsense dmz interface ip: 10.x.x.5/24
    dmz network:  10.x.x.0/24

    Here is my configuration:

    My NAT in the PORT FORWARD tab:

    IF   PROTO  EXT. PORT RANGE  NAT IP                        INT. PORT RANGE
    LAN  TCP    1521             10.x.x.30 (ext.: 172.x.x.5)   1521
    LAN  TCP    1522             10.x.x.40 (ext.: 172.x.x.5)   1522
    LAN  TCP    1521             10.x.x.20 (ext.: 172.x.x.5)   1521
    LAN  TCP    21 (FTP)         10.x.x.20 (ext.: 172.x.x.5)   21 (FTP)

    My firewall rules in the LAN tab:

    PROTO    SOURCE   PORT  DESTINATION  PORT      GATEWAY
    *        LAN net  *     *            *         *  *      Default LAN -> any
    TCP      *        *     10.x.x.30    1521      *         NAT Listener database 1
    TCP/UDP  *        *     10.x.x.40    1522      *         NAT Listener database 2
    TCP/UDP  *        *     10.x.x.20    1521      *         NAT Listener database 3
    TCP      *        *     10.x.x.20    21 (FTP)  *         NAT nateo reglas ftp
    -> here are the rules added by the ftphelper
    TCP      *        *     WAN address  21 (FTP)  *         NAT nateo reglas ftp

    I also tested adding port 20, but got the same results.
    Passive and active FTP both have problems (for example, the folders are not listed).

    When I try to create a NAT: Port Forward (to pass traffic from my LAN port 1521 to the DMZ at the same port, any IP, and auto-add the firewall rules), the tnsping times out; the same happens for FTP through the NAT (from LAN to DMZ).

    I read all the manuals, howtos and posts from this list, for the FTP in particular. I already tested with "Disable the userland FTP-Proxy application" (adding 2 rules), in LAN of course, but I can't resolve the problem. In summary, my problem is passing the traffic from LAN to DMZ with NAT port forward for these 2 rules (tnsping and FTP). So, do I need upgrades? Patches? Any suggestions or ideas?

    People, thanks in advance!

    juanchoX.

      dot_desig
      last edited by Apr 17, 2007, 6:14 PM

      If you're using DMZ 1:1, there is no need to use NAT,
      and you are mapping * to multiple ports; that's impossible. In that case you must specify the incoming port; it cannot be all.

        cmb
        last edited by Apr 18, 2007, 12:23 AM

        You don't port forward between LAN and DMZ, that should be strictly routing, and your default allow LAN to anything rule on the LAN interface will permit that traffic.

        Take out any NAT you have on your LAN interface. Then reboot for the heck of it. Then what happens?

          jeroen234
          last edited by Apr 20, 2007, 5:26 AM

          Try upgrading to a version from 2007.
          The 29 Oct 2006 version is very old;
          many bugs have been solved.

            juanchoX
            last edited by Apr 23, 2007, 3:45 PM

            OK, yes, it is really important, but how do I update/upgrade to the new 2007 version? I downloaded the latest version from the site just now, and after installing to HD the same title appears.

            1.0.1
            built on Sun Oct 29 01:07:16 UTC 2006

            How do I do the procedure…

            First, I tried to download the live CD from: http://www.pfsense.org/mirror.php?section=downloads
            After choosing the mirror, in my case for example http://pfsense.best-view.net/downloads, and then
            http://pfsense.best-view.net/downloads/pfSense-1.0.1-LiveCD-Installer.iso.gz,

            I burned the ISO after uncompressing it, installed to HD, and configured my interfaces, but when I browse to http://192.168.1.2 (in my case), it shows the same version.

            I think that this is very important; my version of pfsense is out of date. What am I doing wrong? So all the bugs still exist in this version .....

            I read the blog, but it was not much help. So, help me boooooyyyyysssss.

              hoba
              last edited by Apr 23, 2007, 7:26 PM

              Install from http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/iso/ to have the latest Releng-Version.

                juanchoX
                last edited by Apr 24, 2007, 1:58 PM

                Really, thanks hoba!!

                  juanchoX
                  last edited by Apr 26, 2007, 2:15 AM

                  The error with the Oracle listener NAT, on the default port 1521, was that I had put the rules at the end; so I changed that and put the firewall rules at the top of the list, and it worked OK.

                  PS: sorry for my English, boys.
