Netgate Discussion Forum

    Internal IP to 2nd gateway

      josifbg

      Unfortunately this change didn't help in my case :(

      Let me show you my configuration in pictures:

      According to this configuration all of my LAN IPs 192.168.3.x are using LoadBalancing and working with no problems.
      Except 192.168.3.55, which should use WAN2 as the only GW for inbound and outbound… unfortunately only outbound traffic is going through WAN2.

      In addition I've a lot of port forwards on my default GW (WAN1) to IPs on my LAN 192.168.3.x. All of them are above port 500 and work with no issues.

      I've tried everything I can think of but no success so far :(

        craigduff

        Sorry for the late reply. Few things to try… and ask..

        Does RDP work internally... Can you get to the server inside the network with pfsense?

        Also.. Any reason you have Outbound NAT to manual? Are you able to try automatic and try again for me?

        Are you just adding rules rather than going via NAT? Or are you using 1 & 1 NAT?

        Kind Regards,
        Craig

          josifbg

          @craigduff:

          Sorry for the late reply. Few things to try… and ask..

          Does RDP work internally... Can you get to the server inside the network with pfsense?

          Behind pfSense I've an ESXi server with a couple of VMs; a few of them are Windows based.

          RDP is working internally with no issues:

          Details: As you can see above, 192.168.3.55 should be accessible via WAN2. In addition I've port forwarded the RDP port to x.x.3.55, and no matter what I try to access: let's say I try to access x.x.3.55:3389, I can connect with no problems… if I try to access WAN2 IP:3389 I can access with no problems..., but from outside my network I don't have access to WAN2 IP:3389, which again is port forwarded to x.x.3.55.

          @craigduff:

          Also.. Any reason you have Outbound NAT to manual? Are you able to try automatic and try again for me?

          No specific reason for Manual over Automatic… I've switched to Automatic = no changes. I still can't connect from outside.

          @craigduff:

          Are you just adding rules rather than going via NAT? Or are you using 1 & 1 NAT?

          I'm not really sure I understand your question.

            craigduff

            OK, can you confirm you are going into the firewall section, clicking on NAT and then adding in a port forward? If you are doing this, the NAT rules automatically create a rule, this is under firewall rules… does that appear?

            Before you look at all this... Have you done the basics? Reboot pfSense? That can clean up tables and cache. Also what equipment do you have before the pfSense? Or does the ISP just plug into pfSense?

            I found in one of my problems RDP not working, this was because I had a Zyxel ADSL router in front and that was the problem. I rebooted and everything started to work...

            Kind Regards,
            Craig

              josifbg

              @craigduff:

              OK, can you confirm you are going into the firewall section, clicking on NAT and then adding in a port forward?

              Precisely.

              @craigduff:

              If you are doing this, the NAT rules automatically create a rule, this is under firewall rules… does that appear?

              No, not at all… Once the port forward is created, no additional rules are created under Firewall: Rules.
              P.S. On WAN1 (Default GW) I've a lot of ports which are forwarded to different IPs on my LAN and none of them has an additional rule automatically created under Firewall: Rules and they are working just fine.

              @craigduff:

              Before you look at all this… Have you done the basics? Reboot pfSense? That can clean up tables and cache.

              I've restarted the pfSense just now and no effect.

              And after the restart I lost connection to the WebConfigurator… I've restarted the WebConfigurator with no success on gaining access. A 2nd reboot of the whole system didn't fix the new issue.
              I lost connection to the WebConfigurator even from the LAN... which is weird...

              This I call bad luck :)

              @craigduff:

              Also what equipment do you have before the pfSense? Or does the ISP just plug into pfSense?

              The ISPs are connected directly to my pfSense. No additional equipment/devices are before pfSense.

              @craigduff:

              I found in one of my problems RDP not working, this was because I had a Zyxel ADSL router in front and that was the problem. I rebooted and everything started to work…

              Well it's not my case :)

              I am really puzzled on this issue…

                craigduff

                Wow that is bad luck, it's lucky you rebooted now and found there is an issue, rather than later on if you had a power cut etc. I can't say I really understand what's going on… If you have rebooted and it's not coming back on, surely that is a dodgy build of pfSense? What hardware is it on? Have you thought about virtualising it within your ESX environment? This is what I do.

                When you create a rule on the NAT page "port forward", right at the bottom there is an option for Filter rule association. This is what adds the rules.

                Kind Regards,
                Craig

                  josifbg

                  @craigduff:

                  Wow that is bad luck, it's lucky you rebooted now and found there is an issue, rather than later on if you had a power cut etc. I can't say I really understand what's going on… If you have rebooted and it's not coming back on, surely that is a dodgy build of pfSense? What hardware is it on? Have you thought about virtualising it within your ESX environment? This is what I do.

                  When you create a rule on the NAT page "port forward", right at the bottom there is an option for Filter rule association. This is what adds the rules.

                  The pfSense has its own dedicated hardware (server based) with 4 LAN cards (2 for WAN and 2 for LAN).

                  I've thought about virtualising it on ESXi, but I'm not really sure if this is OK in terms of SPoF or additional devices such as WiFi APs for example.

                  Can you recommend which version to use in production, as obviously the one I'm using has some issues…

                  P.S. I'll reinstall pfSense and will reconfigure all from scratch; hopefully it's a bug in the release.

                    craigduff

                    To be honest 2.0.2 is the latest and I am using it on other customer equipment. And it's alright, I was on 2.0.1 for ages, but from my understanding there were bug fixes in 2.0.2.

                    Something else I thought of… Can you enable logging on the rule so it has a blue exclamation mark on it? And then try external access and see what the system firewall log says?

                    I would recommend a reinstall if you have rebooted and it hasn't come back online. I assume you have done loads of restarts on it before and it's fine, up until now?

                    Kind Regards,
                    Craig

                      josifbg

                      OK… Here we go again :)

                      I've just reinstalled pfSense and reconfigured all settings from scratch.

                      And now the conclusion:

                      1. I've noticed that whenever I create port forwarding from **WAN1** (Default GW) to the internal LAN I am selecting as shown in pic1 below:

                      I really don't have a reasonable explanation why… I've just noticed that this setup works so I lived that way.

                      All ports that are forwarded that way are working with no issues!

                      2. Whenever I try to create the same port forwarding but from WAN2 it is not working!

                      No idea why…

                      3. Thanks to @craigduff: "When you create a rule on the NAT page "port forward", right at the bottom there is an option for Filter rule association. This is what adds the rules."

                      So I've made the respective changes to the port forwarding from WAN2 as shown in pic2 below:

                      And voila :) It's just working :)

                      What I didn't understand is why for WAN1 it should be as per pic1 and for WAN2 as per pic2…

                      I really want to thank @craigduff for his time and effort!

                      Respect!

                        craigduff

                        No problem! It was my pleasure! I love Pfsense! Always will!

                        Kind Regards,
                        Craig

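Added example, not part of the thread or of pfSense itself: a Python audit of a pfSense configuration backup that reports each port forward's filter rule association, the setting that resolved the WAN2 forward above. The `config.xml` element names, the constructed sample and the `default_gw_if` parameter are assumptions; the Pass association is flagged on any interface other than the default-gateway WAN because pfSense documents it as working only there, and the thread's screenshots are not preserved, so which option each forward actually used is unknown.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names follow the
# pfSense config.xml layout as an assumption; check them against a real backup.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <target>192.168.3.10</target><local-port>8080</local-port>
      <associated-rule-id>pass</associated-rule-id></rule>
    <rule><interface>opt1</interface><protocol>tcp</protocol>
      <target>192.168.3.55</target><local-port>3389</local-port>
      <associated-rule-id>pass</associated-rule-id></rule>
    <rule><interface>opt1</interface><protocol>tcp</protocol>
      <target>192.168.3.55</target><local-port>443</local-port>
      <associated-rule-id>nat_0001</associated-rule-id></rule>
    <rule><interface>opt1</interface><protocol>tcp</protocol>
      <target>192.168.3.56</target><local-port>22</local-port>
      <associated-rule-id></associated-rule-id></rule>
  </nat>
  <filter>
    <rule><interface>opt1</interface><type>pass</type>
      <associated-rule-id>nat_0001</associated-rule-id></rule>
  </filter>
</pfsense>"""

def audit_port_forwards(config_xml, default_gw_if="wan"):
    """Return (interface, target, port, finding) for every port forward."""
    root = ET.fromstring(config_xml)
    # IDs of filter rules that are linked to a NAT rule.
    linked = {r.findtext("associated-rule-id") for r in root.findall("./filter/rule")}
    results = []
    for fwd in root.findall("./nat/rule"):
        iface = fwd.findtext("interface", "")
        assoc = (fwd.findtext("associated-rule-id") or "").strip()
        if assoc == "pass":
            # Pass skips the filter rules entirely; flag it off the default WAN.
            finding = "pass" if iface == default_gw_if else "pass-on-non-default-wan"
        elif not assoc:
            finding = "no-linked-rule"       # needs a manually created filter rule
        elif assoc in linked:
            finding = "linked"               # associated filter rule exists
        else:
            finding = "linked-rule-missing"  # association points at nothing
        results.append((iface, fwd.findtext("target"), fwd.findtext("local-port"), finding))
    return results

if __name__ == "__main__":
    for row in audit_port_forwards(SAMPLE_CONFIG):
        print(*row, sep="\t")
```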
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.