What am I doing wrong? I don't see it (NAT/port fwd)
-
My network;
WAN3 -> Modem 3 (Bridged) <– PPPoe (always on) --> pfSense 2.1 (Nat/FW/DHCP/DNS) -> LAN 10.0.1.0/24
WAN4 -> Modem 4 (Bridged) <-- PPPoe (always on) --> ^I've made 2 NAT rules:
IF, Proto, Src addr, src port, dest addr, NAT IP, NAT port
WAN3, TCP, *, *, WAN3 Address, 25565, 10.0.1.44, 25565
WAN4, TCP, *, *, WAN4 Address, 25565, 10.0.1.44, 25565Which created the rules:
On WAN3 - IPv4 TCP, *, *, 10.0.1.44, 25565, *, none
On WAN4 - IPv4 TCP, *, *, 10.0.1.44, 25565, *, noneThis exact same setup for my WAN1 and 2 (another pfSense) works fine. But it doesn't work in this one.
I've restarted the machine. Reset the states, recreated the rules a few times.
Of course I made sure the domain names resolve correctly and internally the 10.0.1.44 is reachable and works as intended (It's a minecraft server).
The whole setup is fairly vanilla, no extra packages or crazy stuff, Just NAT/FW/DHCP/DNS and Captive Portal on LAN.Aside from the NAT everything has been working fine for a number of weeks.
Any ideas welcome. Thanks!
-
In the NAT entry, I'm pretty sure you want the dest addr on WAN4 to be WAN4 address, not WAN3.
-
ha yes, I have that. I copied the rule and forgot to change it here in the topic…
-
What, specifically, isn't working? What's the DNS name? (PM if you like)
-
On the network I have a rack server on 10.0.1.44
As seen in the first post I have 2 WAN. Both with a static/dedicated IP.On each IP I want to link a subdomain to 10.0.1.44
namely; play.wifitea.net and play.buildinmyworld.com.As far as I can see they resolve properly. And the pfSense box can ping the server too (From diagnostics).
Internally I can reach that server to play Minecraft on, on that IP and DNS
The DNS resolver is active on the LAN (USER interface) and resolves things correctly to the local address.So internally everything works.
Externally nothing redirects/forwards.See attached…
-
I have the same problem.
I try to port forward ssh to a internal server, not work!
-
Default gateway on the minecraft server?
-
According to webmin it's 10.0.0.1 (attached)
Would that be it? If so, can I add a 2nd gateway or is there another trick to work around that?It's a Ubuntu 12.04 machine.
-
Why does your box have 2 networks attached?
Why is it not just connected to your 10.0.1.0/24 network??
-
Because there is another network coming in on the other interface, also with it's own wan… (Wan 1 & 2 - mentioned before) through another pfsense machine.
-
Sounds like one cluster of setup ;)
I am at a loss to why you would have 4 internet connections in the first place.. But why would these 4 connections not being into 1 pfsense box.
You have an asynchronous routing issue. Yeah that is going to cause problems!
-
It's not that complex actually, and everything works, except these 2 port forwards.
So do you think its a gateway thing on the server itself? Or is something going wrong on the pfSense box?
-
Who said anything about complex, what I said was it sounds like a CLUSTER ;)
Dude your issue is networking 101 - what do not understand about this issue?
See the Pic
-
According to webmin it's 10.0.0.1 (attached)
Would that be it? If so, can I add a 2nd gateway or is there another trick to work around that?It's a Ubuntu 12.04 machine.
According to your original post, your LAN is 10.0.1.0/24. 10.0.0.1 is not on that network, so it's broken.
No workaround necessary. Proper configuration is what you need.
This really is drop-dead simple. Multi-WAN complicates it some. You might consider unplugging one of the WANs, starting from factory defaults on pfSense, until you get everything working - then worry about Multi-WAN.
-
Derelict, I didn't think the other 'half' of my network was irrelevant to this issue.
But maybe it helps to know…Because of some limitations I have/require 4 dsl connections to get a certain speed.
Because of me not paying attention when buying hardware I have 2 computers running Pfsense (instead of 1 with 7 NIC). Each has 2x WAN + the required Lans.One Pfsense machine works, ports are forwarded and things go smooth.
The other Pfsense also works, but ports are not forwarded to 10.0.1.44.The .44 machine is a Dell Poweredge with dual LAN. One interface is hooked up to the 10.0.0.0/24 subnet (10.0.0.44, gateway 10.0.0.1) and port forwards to that interface work fine, from that subnet.
The other interface, 10.0.1.44 also works, internally. But port forwards do not reach it.Perhaps a simple gateway issue, but I'm not sure how to resolve that or even how to determine if it is. I'm no expert - As you may have guessed.
-
Searching some more for a "dual gateway" setup on Ubuntu, this seems more trouble than it's worth.
I'm going to explore some other options.
-
"Because of some limitations I have/require 4 dsl connections to get a certain speed."
And how are you getting a certain speed when they are connected to 2 different machines? You sure and the hell are not bonding them, you can not even be doing load balancing over the 4. So certain speed - no.. Bandwidth ok, but you would have to distribute what your doing over 4 different connections manually, etc. So there is no possible way your fully utilizing the bandwdith you have available.
So your telling me there is no other connection options other than really slow dsl? Come on, nonsense.
-
"Because of some limitations I have/require 4 dsl connections to get a certain speed."
And how are you getting a certain speed when they are connected to 2 different machines? You sure and the hell are not bonding them, you can not even be doing load balancing over the 4. So certain speed - no.. Bandwidth ok, but you would have to distribute what your doing over 4 different connections manually, etc. So there is no possible way your fully utilizing the bandwdith you have available.
So your telling me there is no other connection options other than really slow dsl? Come on, nonsense.
Why are you questioning me having 4 dsl connections when you know nothing about what ISPs have to offer here?
If I want to use 2 connections on each pfSense machine that's my business and does not apply/relate to my original question.If you are quite done going off-topic, can we get back to my original question? Which is forwarding 2 ports…
As you suggested, this may be a gateway issue on the receiving server. I've looked into that, turns out it's a lot of trouble so I'm exploring some other options now. If you have other useful input, feel free to share.
-
As was already pointed out, I'll bet the forwards are reaching the machine in question, but the REPLIES (SYNACKS, ACKS) are being routed somewhere goofy so the TCP connection is not coming up. You will want to get to know a tool such as wireshark.
Like I said, I would SIMPLIFY your setup (ONE WAN, ONE LAN), which will prove the problem is not with pfSense and its port forwarding.
Having one machine on two LANs is almost never a good idea.
-
"Why are you questioning me having 4 dsl connections when you know nothing about what ISPs have to offer here?"
Because I work for a large IT Services company - and don't buy slow ass dsl being the only option. Are you in the middle of nowhere? And if you actually needing a specific speed, how you are doing it is NOT the correct way to go about getting it ;)
We have already solved your issue - and as typical it had nothing to do with any sort of issue with pfsense, just lack of understanding basic networking ;)
