Port forwarding problem



  • I have weird networking problems in a virtualized pfSense.
    LAN is 192.168.1.0/24

    I configured two port forwards, one to 192.168.1.47 (physical KVM host) and one to 192.168.1.49 (another physical host in the LAN).
    If I try to ssh to the port of .49 everything works, while against .47 it does not!
    I also have a VPN here, I can ping .47 & .49 fine, but I can only ssh to .49, .47 will time out.

    I managed to catch a tcpdump while trying to ssh to .47 (via portfw):

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on vtnet0, link-type EN10MB (Ethernet), capture size 96 bytes
    12:18:21.720364 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912170 ecr 0,nop,wscale 7], length 0
    12:18:21.720760 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905521 ecr 2912170,nop,wscale 7], length 0
    12:18:22.718447 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912420 ecr 0,nop,wscale 7], length 0
    12:18:22.718814 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905770 ecr 2912170,nop,wscale 7], length 0
    12:18:22.923054 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905821 ecr 2912170,nop,wscale 7], length 0
    12:18:24.723703 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912921 ecr 0,nop,wscale 7], length 0
    12:18:24.724103 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127906272 ecr 2912170,nop,wscale 7], length 0
    12:18:24.935085 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127906325 ecr 2912170,nop,wscale 7], length 0
    12:18:28.734360 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2913924 ecr 0,nop,wscale 7], length 0
    12:18:28.734737 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127907274 ecr 2912170,nop,wscale 7], length 0
    12:18:28.947166 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127907328 ecr 2912170,nop,wscale 7], length 0
    12:18:36.751056 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2915928 ecr 0,nop,wscale 7], length 0
    12:18:36.751477 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127909279 ecr 2912170,nop,wscale 7], length 0
    12:18:36.975114 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127909335 ecr 2912170,nop,wscale 7], length 0
    
    It seems it's replying to me, but the connection never gets established.
    Firewall > NAT > Outbound is set to automatic.
    
    What could be the cause?
    What makes it work for .49 and not for .47?
    
    Thanks
    
    pfSense 2.1-BETA1 (amd64) 
    built on Mon Dec 17 23:46:57 EST 2012 
    FreeBSD 8.3-RELEASE-p5
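
An added example, not part of the original thread: a small Python parser for tcpdump text output in the format posted above. It counts SYN, SYN-ACK and client ACK packets per flow and reports whether each handshake completed. The sample capture, its addresses and the function name `handshake_summary` are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same tcpdump text format as the capture in the post
# (addresses, ports and sequence numbers are made up for this example).
SAMPLE = """\
10:00:00.000001 IP 203.0.113.5.40000 > 192.168.1.47.22: Flags [S], seq 100, win 14600, length 0
10:00:00.000400 IP 192.168.1.47.22 > 203.0.113.5.40000: Flags [S.], seq 900, ack 101, win 14480, length 0
10:00:01.000001 IP 203.0.113.5.40000 > 192.168.1.47.22: Flags [S], seq 100, win 14600, length 0
10:00:01.000400 IP 192.168.1.47.22 > 203.0.113.5.40000: Flags [S.], seq 900, ack 101, win 14480, length 0
10:00:02.000001 IP 203.0.113.5.40001 > 192.168.1.49.22: Flags [S], seq 500, win 14600, length 0
10:00:02.000300 IP 192.168.1.49.22 > 203.0.113.5.40001: Flags [S.], seq 700, ack 501, win 14480, length 0
10:00:02.020000 IP 203.0.113.5.40001 > 192.168.1.49.22: Flags [.], ack 701, win 115, length 0
"""

# timestamp, "IP", source host.port, ">", destination host.port, TCP flags
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def handshake_summary(text):
    """Return {(client, server): counters plus a 'state' string} per flow."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # tcpdump banner lines and non-IP lines are skipped
        src, dst, flags = m.groups()
        if flags == "S":                 # SYN: the sender is the client
            flows[(src, dst)]["syn"] += 1
        elif flags == "S.":              # SYN-ACK: the receiver is the client
            flows[(dst, src)]["synack"] += 1
        elif flags in (".", "P.") and (src, dst) in flows:
            flows[(src, dst)]["ack"] += 1  # ACK sent by a known client
    for f in flows.values():
        if f["ack"]:
            f["state"] = "established"
        elif f["synack"]:
            f["state"] = "synack-unanswered"  # server replied, client never ACKed
        else:
            f["state"] = "syn-unanswered"     # no reply from the server at all
    return dict(flows)

if __name__ == "__main__":
    for (client, server), f in handshake_summary(SAMPLE).items():
        print(client, "->", server, f)
```
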
    
    


  • Is the gateway filled in correctly on the KVM box?



  • @heper:

    Is the gateway filled in correctly on the KVM box?

    Yes, in fact ping works fine…

