NAT to IIS Server / SQL Connections not coming through.

  • I posted this in the Firewalling section the other day, but have not received any responses yet. Maybe this is a better section of the forums for my issue:

    I'm hoping that someone here can help. I recently implemented pfSense 2.1.5 and all my services are working properly, except for my IIS web server. Basically, the server takes requests from another web server. The other server calls an app to query an MSSQL server that also resides on that server; the information is then passed back to the primary web server (external) so that the website displays inventory information.

    I cannot figure out how to get this to work. On the old SonicWall firewall everything works great. On pfSense, I've got 1:1 NAT configured properly (or so I think, since all other services work fine). The web server has its own dedicated IP as well.

    I've tried the following, still with no luck:

    • created a rule to allow any protocol from * on WAN to the web server
    • disabled "block private networks" on WAN interface
    • combination of both with no luck.

    Looking at packets through Wireshark, I see that the external server is making the request, but the HTTP packet that is sent back says that there was trouble connecting to the SQL server.

    If anyone has any ideas, I'd appreciate it. This is the last thing I need to fully get my pfSense box up and running.

  • Delete your rules. Set up a NAT rule, doing the translation. Let the NAT rule automatically create the firewall rule.

    Here are some NAT rules I use.

  • Wireshark can be overkill for these situations. Have you looked at the firewall log and filtered on the IP addresses involved to see what is being blocked? What is the network relationship with all these servers? I'm assuming they're not on the same network segment.

  • We need more details. Give us a network map, post your NAT statements and rephrase how the app communicates between the servers (include the IPs).

    Are you seeing any blocks in the logs?
