NAT Through Multi-WAN on pfSense



  • I'm using pfSense 2.0.3 and i wish to do a Port Forward for my DVR (Internal Company Surveillance), so, here's the thing.

    I have a multiwan:

    WAN: 2mbps link, fixed IP, DMZ, and i want to use this for DVR. On pfSense, i called its gateway of "OiGW".

    WAN_VIANET: 10mbps link, randomic IP, and i called its gateway of ViaNetGW.

    The DVR works with ports TCP 100, 8081 and UDP 9000.

    What happens is, when i try to connect outsite the company site, it keeps connecting, connecting and won't go to anywhere.

    Can Someone help me?

    I'm attaching screenshots of my setup. I looked a lot of articles over internet but, i don't know if i have some problem on my pfSense or if i'm not understanding the whole thing right.

    I appreciate any help.

    Thank You! ;)

    Francisco

    –-
    Print Screens attached


    ![nat portforward.PNG](/public/imported_attachments/1/nat portforward.PNG)
    ![nat portforward.PNG_thumb](/public/imported_attachments/1/nat portforward.PNG_thumb)
    ![fw rules.PNG](/public/imported_attachments/1/fw rules.PNG)
    ![fw rules.PNG_thumb](/public/imported_attachments/1/fw rules.PNG_thumb)
    ![fw rules 2.PNG](/public/imported_attachments/1/fw rules 2.PNG)
    ![fw rules 2.PNG_thumb](/public/imported_attachments/1/fw rules 2.PNG_thumb)


  • Banned

    Hiding the DVR model is extremely unhelpful since to put it mildly… since it makes checking the ports in documentation just impossible (port 100 is something I've never seen in use with these devices.) Also, WTH is that 155.102.xxx.90 thing? You should port-forward it to the internal LAN IP, not to the public IP of the firewall.



  • Sorry, i didn't knew that the model of DVR was so important, i thought that only the ports i want forward was enough.
    The DVR model is Giga Security GS 16480E.

    .90 is the IP of DVR.

    Again, sorry for the missed information.

    Thanks.


  • Banned

    @drmwndr:

    .90 is the IP of DVR.

    You just invented that 155.102.xxx.90 IP, or??? Once again, this is not what you normally use on LANs (see RFC1918). You will never reach your DVR from outside unless you are

    
    NetRange:       155.102.0.0 - 155.102.255.255
    CIDR:           155.102.0.0/16
    OriginAS:       
    NetName:        ERIM
    NetHandle:      NET-155-102-0-0-1
    Parent:         NET-155-0-0-0-0
    NetType:        Direct Assignment
    RegDate:        1991-11-01
    Updated:        2012-03-02
    Ref:            http://whois.arin.net/rest/net/NET-155-102-0-0-1
    
    OrgName:        Altarum Institute
    OrgId:          ALTARU-1
    Address:        3520 Green Court
    City:           Ann Arbor
    StateProv:      MI
    PostalCode:     48105
    Country:        US
    RegDate:        2002-08-22
    Updated:        2008-08-28
    Ref:            http://whois.arin.net/rest/org/ALTARU-1
    
    


  • No, i didn't, i know the RFC1918 and the rules.
    I got this network completly crappy from an ex-employee, and i'm trying to fix stuffs here.  ;)


  • Banned

    Are you really sure about the ports? Because, that's not what I can see in the manual - page 29 (despite my non-existent Portuguese). Also, this config screen from the DVR would help. Other than that, no chance to check with 2.0.3, way too outdated, no such box here.



  • yes, i do.
    I saw the manual too, it says that comes with another ports by default, but checking the DVR Config, i saw this three ports setted. I'll try to change it.

    About the IP Range, was a known issue, i'll see what i can do to fix this in a short time! ;)

    Thanks for you attention!  ;D


  • Banned

    @drmwndr:

    I saw the manual too, it says that comes with another ports by default, but checking the DVR Config, i saw this three ports setted. I'll try to change it.

    Well it should not matter as long as those are really the ports configured there and as long as you can see them open when checking from outside, like with http://www.canyouseeme.org/



  • Could be an ADSL router related issue?

    Would be a good idea put it on a "bridge"  mode?
    Because sometimes looks like pfSense doesnt receive the packages to delivery to DVR. I runned a tcpdump, and i couldnt identify traffic coming from outside to any desired ports.


  • Banned

    Yes, it would be definitely a good idea to put that in bridge mode and configure PPPoE in pfSense – since otherwise the pfSense configuration is pretty much irrelevant, the packets will never arrive there.



  • Ok! I'll try this in the end of this Business Day, and feedback here as soon i have results!  :D



  • Solved using "Bridge" mode, thank you!  ;)


  • Banned

    Good. ;)


Log in to reply