Oracle Listener through pfsense nat port forward

juanchoX · Apr 17, 2007, 5:05 PM

I have pfsense (1.0.1 built on Sun Oct 29 01:07:16 UTC 2006) and 2 interfaces (LAN and WAN)

Scenario:
LAN
pfsense lan interface ip: 172.x.x.5/24
lan interface network: 172.x.x.0/24

WAN
pfsense dmz interface ip: 10.x.x.5/24
dmz network: 10.x.x.0/24

here, my configuration *

my nat in PORT FORWARD tab

IF PROTO EXT.PORT.RANGE NAT IP INT.PORT.RANGE
LAN TCP 1521 10.x.x.30 1521
(ext.: 172.x.x.5)
LAN TCP 1522 10.x.x.40 1522
(ext.: 172.x.x.5)
LAN TCP 1521 10.x.x.20 1521
(ext.: 172.x.x.5)
LAN TCP 21 (FTP) 10.x.x.20 21 (FTP)
(ext.: 172.x.x.5)

my firewall rules in LAN TAB

PROTO SOURCE PORT DESTINATION PORT GATEWAY
* LAN net * * * * * Default LAN -> any
TCP * * 10.x.x.30 1521 * NAT Listener database 1
TCP/UDP * * 10.x.x.40 1522 * NAT Listener database 2
TCP/UDP * * 10.x.x.20 1521 * NAT Listener database 3
TCP * * 10.x.x.20 21 (FTP) * NAT nateo reglas ftp
-> here the rules add by the ftphelper
TCP * * WAN address 21 (FTP) * NAT nateo reglas ftp

also test with add port 20, but the same results
passive and active ftp have problem (not list the folders by example).

when I treat to create a NAT: Port Forward (from pass traffic from my LAN port 1521 to dmz at the same port, anyone ip, and autoadd the firewall rules, then the tnsping is timeout, it happens the same for ftp through the nat (from LAN to DMZ).

I read all the manuals, howto and post from this list, for the ftp in particular, already test with Disable the userland FTP-Proxy application (add 2 rules) in LAN of course, but i can´t resolve the probem. in summary my problem is pass the traffic from LAN to DMZ, with nat portforward for this 2 rules (tnsping and ftp), so, i need an upgrades?, patches ?, some suggestion, ideas ?,

people, thanks for advanced !.

juanchoX.

dot_desig · Apr 17, 2007, 6:14 PM

if you're using DMZ 1:1 there is no need to use NAT
and you are mapping * to multiple ports, that's impossible in that case you must specify the incoming port It cannot be all.

cmb · Apr 18, 2007, 12:23 AM

You don't port forward between LAN and DMZ, that should be strictly routing, and your default allow LAN to anything rule on the LAN interface will permit that traffic.

Take out any NAT you have on your LAN interface. Then reboot for the heck of it. Then what happens?

jeroen234 · Apr 20, 2007, 5:26 AM

try upgrading to a version off 2007
the 29 oct 2006 version is verry old
manny bugs have been solved

juanchoX · Apr 23, 2007, 3:45 PM

ok, yes, is really important, but, how update/upgrade to the new versión 2007, i downoad the last version from the site, right now, and after install to hd ,,appear the same title.

1.0.1
built on Sun Oct 29 01:07:16 UTC 2006

how do I make the procedure…

first. I tried to download the live cd from : http://www.pfsense.org/mirror.php?section=downloads
after choose the mirror:in my case for example: http://pfsense.best-view.net/downloads and then
http://pfsense.best-view.net/downloads/pfSense-1.0.1-LiveCD-Installer.iso.gz,

and burn the iso after uncompress, install to hd, configure my interfaces, but when I surf the http://192.168.1.2(in my case), show the same version

i think that thiisss is very important, my version of pfsense is out to date, what am I doing wrong ? so, all te bug still exist in this version .....

i read the blog, but no too much help. so, help me boooooyyyyysssss.

hoba · Apr 23, 2007, 7:26 PM

Install from http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/iso/ to have the latest Releng-Version.

juanchoX · Apr 24, 2007, 1:58 PM

really thanks joba !!.

juanchoX · Apr 26, 2007, 2:15 AM

the error with oracle listener nat, by default port 1521, was that i push the rules at the end, so, change , and push the firewall rules at top of list, and found OK.

pd: sory by my english boys.