Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Port Forward to DMZ / Web FTP Server

    NAT
    2
    3
    1139
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      philipp last edited by

      Hello from Austria,

      I already read dozens of threads about port forwarding, but I don't know, either it really don't work or I'm to stupid  ;)
      We will change from a Zywall USG to pfSense. On the Zywall everything worked, but I'm not getting it worked here.

      My setup is the following:

      Wan IP is 178.x.x.220
      Gateway 178.x.x.217
      Subnetmask 255.255.255.248
      Usable IPs are .220, .221, .222 (only these three because the modem using the others for HSRP (HA with cellular modem))

      I have 3 Interfaces, WAN, LAN and DMZ.
      I can connect from LAN to DMZ, and DMZ has Internet access but not LAN access. This is ok.

      But I cant get from WAN to my FTP-Server in DMZ.

      I created an Firewall Alias CrushFTPServer with Internal DMZ IP 10.99.100.10
      and an Port Alias CrushFTPPorts "80, 443, 21, 990".

      Then I created a virtual IP (Screenshot 1)
      With this virtual IP I created a new Port Forwarding. (screenshot2 and screenshot3).

      This creates a new firewall rule. Also I post my whole firewall rules (screenshot 4-6).

      Now when Im trying to connect to my public IP .221 I get no response.
      I tried "Diagnostics: Packet Capture" on my IP .221 with the result:
      23:23:20.070496 IP 129.x.x.11.50385 > 178.x.x.221.80: tcp 0

      It looks like something get to the firewall but not further. I also tried the Packet
      Capture with "full" mode, but I cant read the output.

      23:26:29.301441 f8:71:ea:34:42:60 > 00:0d:b9:31:c2:48, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 52, id 63928, offset 0, flags [DF], proto TCP (6), length 64)
          129.x.x.11.50428 > 178.x.x.221.80: Flags [ S ], cksum 0xd2b6 (correct), seq 1048881925, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 299519922 ecr 0,sackOK,eol], length 0

      Did I forget something, or did a false configuration?

      Thanks in advance,
      Philipp

      PS: I'm no native english speaker, so I hope you understand what I mean :)












      1 Reply Last reply Reply Quote 0
      • P
        philipp last edited by

        I found something weird.

        It works if I dont use the alias as NAT IP (screenshot7). Is it not possible to use the alias for the same IP-Address?
        It works now.


        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Well what was your alias - could pfsense resolve what was in your alias as that IP, did you have some name in there that resolved to something else?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-2440 2.4.5p1 | 4x SG-3100 2.4.4p3 | SG-4860 21.05.2

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy