    Problem with NAT. Can't forward port from WAN to LAN.

    • F
      farion last edited by

      Greetings.

      Tried some free router distributions, and pfSense a few months ago, and chose pfSense for use in my small office (20+ users) to replace the old ISA Server, which is at end of support. The problem is, I still can't configure NAT.
      The Internet from LAN works fine, and I can ping external static IP (created rule allowing ICMP of WAN), but Port Forwarding on WAN isn't working.

      Screens of created rules:

      NAT Forward:
      https://www.dropbox.com/s/n9yf2w71dmkx65k/forward1.png?dl=0
      And linked WAN rules:
      https://www.dropbox.com/s/spn7zqat7ym9t22/forward2.png?dl=0

      Port scan from external net shows that all ports are closed

      Some logs screen:
      https://www.dropbox.com/s/4pqol26w31mc6ok/logs.png?dl=0
      https://www.dropbox.com/s/yjro31k42i8zz6i/logs2.png?dl=0

      All incoming IPv4 packets blocked, reason: @5 block drop in log inet all label )

      Yes, it's the default block rule for WAN. It seems to be the last priority rule, forwarding rules created and must execute first (basics of networking, yes), but they are not working.

      Yes, I had RTFM Port Forward Troubleshooting, but it did not help. Tried google forum, wiki, etc., and my brain is overheated, but I can't find a solution :c

      I really like pfSense in comparison with other network distributions, and I didn't want to use monowall or something instead of it, but with my mediocre experience with linux and networking I still can't understand what is wrong. Hope for the Community support.

      upd1:

      Screens of WAN interface configure
      https://www.dropbox.com/s/gkjfirjd5hyhms0/WAN.png?dl=0
      And System: Advanced: Firewall and NAT
      https://www.dropbox.com/s/ppcl3xinpbnsc4e/FireShotNATscr.png?dl=0

      Hope it will help. If more configs needed please elaborate.

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Try changing the destination address in your NAT rules from any to WAN address.

        ![Screen Shot 2015-01-19 at 5.41.33 AM.png](/public/imported_attachments/1/Screen Shot 2015-01-19 at 5.41.33 AM.png)

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • F
          farion last edited by

          Derelict, already tried it. Still not working :c.

          Internal web server 100% works, can see the web site from the internal network and another router that currently runs, but not from pfsense wan net.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Then something else is wrong.  The correct configuration is for the destination IP to be WAN address.  I can assure you port forwards work just fine.

            Are you testing this from inside or outside your network?

            • Derelict
              Derelict LAYER 8 Netgate last edited by

              None of those log entries are for traffic to ports you're trying to forward.  Just looks like your firewall doing its job blocking unsolicited inbound traffic.

              • F
                farion last edited by

                Checked both from internal and from external net, from various IPs and providers. Still can't see the web server, or other resources from external.

                Suggested that the problem might be in the installed module squid3 and squidGuard, so I deleted these packages. Maybe because of this? But don't know how to diagnose such a thing :c

                Maybe some pfctl listings can help?

                [2.1.5-RELEASE][root@pfs.rcn.local]/cf/conf(27): pfctl -sn
                no nat proto carp all
                nat-anchor "natearly/*" all
                nat-anchor "natrules/*" all
                nat on xl0 inet from 10.0.1.0/24 port = isakmp to any port = isakmp -> 213.17*****2 port 500
                nat on xl0 inet from 127.0.0.0/8 port = isakmp to any port = isakmp -> 213.17*****2 port 500
                nat on xl0 inet from 10.0.1.0/24 to any -> 213.17*****2 port 1024:65535
                nat on xl0 inet from 127.0.0.0/8 to any -> 213.17*****2 port 1024:65535
                no rdr proto carp all
                rdr-anchor "relayd/*" all
                rdr-anchor "tftp-proxy/*" all
                rdr on xl0 inet proto tcp from any to any port = ftp -> 10.0.1.20
                rdr on re0 inet proto tcp from any to 213.17#####16/29 port = ftp tag PFREFLECT -> 127.0.0.1 port 19000
                rdr on xl0 inet proto tcp from any to any port = smtp -> 10.0.1.21
                rdr on re0 inet proto tcp from any to 213.17#####16/29 port = smtp tag PFREFLECT -> 127.0.0.1 port 19001
                rdr on xl0 inet proto tcp from any to 213.17*****2 port = http -> 10.0.1.20
                rdr on xl0 inet proto tcp from any to 213.17*****2 port = https -> 10.0.1.20
                rdr on re0 inet proto tcp from any to 213.17*****2 port = http tag PFREFLECT -> 127.0.0.1 port 19002
                rdr on re0 inet proto tcp from any to 213.17*****2 port = https tag PFREFLECT -> 127.0.0.1 port 19003
                rdr-anchor "miniupnpd" all
                
                

                I would suggest that the problem is in hardware, but access to the Internet through the gateway is operating normally.

                • M
                  muswellhillbilly last edited by

                  Check the routing on your target servers (10.10.1.20 and 10.10.1.21). They should be set to use the pfSense as the default gateway. Otherwise, traffic will be forwarded through the firewall and responses will be lost when the server(s) try to send the traffic back through a different route/gateway.

                  • F
                    farion last edited by

                    @muswellhillbilly:

                    Check the routing on your target servers (10.10.1.20 and 10.10.1.21). They should be set to use the pfSense as the default gateway.

                    THIS!
                    And yes, it's my stupidest fault.

                    Just started a test FTP server on my PC, forwarding works fine! Thanks for help!
                    Problem solved, topic can be closed.

                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      Third time this week.

                      • T
                        tarmenel last edited by

                        Just starting out and having a similar issue.
                        I can see on the Firewall Logs that I am trying to connect to the server.
                        You mentioned that the default gateway of the destination server needs to be pfsense.
                        Is this the IP you are referring to of the pfsense server?

                        • Derelict
                          Derelict LAYER 8 Netgate last edited by

                          The default gateway is usually the IP address of the router's LAN interface unless you have multiple routers, a layer 3 switch, or something else outside the normal home setup.

                          Without it set like this the inside host doesn't have access to the internet.

                          In the diagram in my sig, Host A1's default gateway needs to be 172.26.0.1.

                          • E
                            edmund last edited by

                            I'm having a similar problem, I have a web server on the LAN (192.168.0.8 ) and it's reachable from anywhere on the LAN but the NAT rule doesn't appear to allow the outside world to see it on 68.224.223.183.  I've enabled logging on the rule that the NAT redirect created but it never seems to catch anything coming in through the WAN.

                            I have a rule on the LAN side to push everything from 192.168.0.8 to the same WAN gateway with the redirect, and that logs regular DNS traffic from 192.168.0.8 to the world through the correct gateway so I know that the LAN side logging works and traffic is going out of the same net that it should be coming in through.

                            I'm wondering if the NAT redirect somehow bypasses the logging switch but that seems unlikely.

                            I have to be missing something - I've been through all the Port Forward Troubleshooting docs and everything appears obvious and OK, I'll read through the 2.2 manual tonight for more clues.

                            • Derelict
                              Derelict LAYER 8 Netgate last edited by

                              @edmund:

                              I'm having a similar problem, I have a web server on the LAN (192.168.0.8 ) and it's reachable from anywhere on the LAN but the NAT rule doesn't appear to allow the outside world to see it on 68.224.223.183.  I've enabled logging on the rule that the NAT redirect created but it never seems to catch anything coming in through the WAN.

                              Post up your NAT rule and WAN firewall rules

                              Should be:

                              If WAN
                              Proto TCP
                              Src Addr *
                              Src Port *
                              Dst Addr: WAN address (Assuming this is the IP specified below, else the proper VIP)
                              Dst Port: 80
                              NAT IP: 192.168.0.8
                              NAT Port: 80

                              The corresponding firewall rule on WAN should pass tcp port 80 source any dest 192.168.0.8

                              I have a rule on the LAN side to push everything from 192.168.0.8 to the same WAN gateway with the redirect, and that logs regular DNS traffic from 192.168.0.8 to the world through the correct gateway so I know that the LAN side logging works and traffic is going out of the same net that it should be coming in through.

                              That will only matter for connections ORIGINATING FROM 192.168.0.8.  It has nothing to do with return traffic from the web server for states that were created when the connections came from outside WAN.

                              If you put that in place only to try to fix this port forward, I'd get rid of it.

                              I'm wondering if the NAT redirect somehow bypasses the logging switch but that seems unlikely.

                              I have to be missing something - I've been through all the Port Forward Troubleshooting docs and everything appears obvious and OK, I'll read through the 2.2 manual tonight for more clues.

                              • E
                                edmund last edited by

                                Thanks - I have fixed it after reading the 2.2 manual (worth every penny of the gold subscription by the way) - the problem appears to be solved by creating a Virtual IP assigned to the address that I wanted to NAT into the LAN.  Deleting and then recreating the NAT rule gave me the option of using the VIP address as the WAN destination … and voila!  It works!

                                Network wrangling is not my day job so my guess at what was happening may not be correct but I'll post what I think was happening...

                                The firewall was on 68.224.223.179 but I was trying to redirect 68.224.223.183 - the clue was that the firewall log never showed anything coming in - reading the manual I started to see that the pfSense address is just that, a single IP address and the packets that I wanted to NAT were never arriving on that address.  So they never got logged of course.

                                My thinking originally was thrown off because I have OPT1 bridged with the pfSense WAN address and a server on OPT1 works fine - but then it's bridged on the WAN side so it would wouldn't it?

                                Thanks for taking the time to look at the problem - I appreciate all the help that I've received here.

                                • T
                                  tarmenel last edited by

                                  Thank you. Thank you. Thank you. Thank you. Thank you. Thank you.
                                  You just solved my issue with the Virtual IP.
                                  I've spent weeks trying to get this working.

                                  • W
                                    wwatanabe last edited by

                                    Sorry if I can't post my question here, but I have a similar problem. I'm using PFSense 2.1.5 and it is working in all other sites with NAT, MultiWan, etc. But now we have a customer where it's not working.

                                    "Yes, I had RTFM Port Forward Troubleshooting, but it did not help. Tried google forum, wiki, etc., and my brain is overheated, but I can't find a solution :c"

                                    Scenario:

                                    MODEM in Bridge Mode -> (WAN: VALID IP) PFSENSE (LAN: 192.168.10.252) -> LAN -> HOST (IP: 192.168.10.251)

                                    NAT
                                    Interface: WAN
                                    Protocol: TCP/UDP
                                    DST: WAN_Address
                                    DST Port: 43390
                                    Redirect: 192.168.10.251
                                    Redirect Port: 3389
                                    Create new associated filter rule

                                    WAN
                                    Pass
                                    Interface: WAN
                                    TCP/UDP
                                    From: Any
                                    DST: 192.168.10.251
                                    DST Port: 3389

                                    LAN
                                    Allow everything from LAN NET to ANY.

                                    ===================

                                    I tried with other NAT but none works. VPN also doesn't work in this installation. I've tried with 2 different ISPs, one with Dynamic Address and other with fixed IP. All of them in bridge and not blocking services. I've tried with another router and it works.

                                    ===================

                                    I ran a TCPDUMP on one of our PFsense where NAT is working and I have:

                                    http://pastebin.com/pJCBgX6x

                                    There is a return from the PFSense IP when communicating.

                                    On this PFSense where NAT doesn't work the TCPDUMP shows:

                                    tcpdump -ni igb0 | grep 43390
                                    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                                    listening on igb0, link-type EN10MB (Ethernet), capture size 96 bytes
                                    22:55:12.593966 IP 177.143.120.78.35814 > 200.200.200.200.43390: Flags [ S ], seq 1345026210, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
                                    22:55:15.591285 IP 177.143.120.78.35814 > 200.200.200.200.43390: Flags [ S ], seq 1345026210, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
                                    22:55:21.585046 IP 177.143.120.78.35814 > 200.200.200.200.43390: Flags [ S ], seq 1345026210, win 8192, options [mss 1460,nop,nop,sackOK], length 0

                                    There is no return from host.

                                    =================================

                                    I've tried everything. Initially I was using LoadBalance and two links; now I disabled the second link, deleted LoadBalance, and the problem persists.

                                    Any help ?

                                    ========================

                                    • Derelict
                                      Derelict LAYER 8 Netgate last edited by

                                      Check the default gateway on 192.168.10.251
                                      Check the software firewall on 192.168.10.251

                                      • W
                                        wwatanabe last edited by

                                        Thanks for fast reply.

                                        I already did it. The gateway is pointing to 192.168.10.252 which is the LAN IP of PFSense
                                        Firewall Disabled.

                                        The RDP access work fine from LAN.

                                        • Derelict
                                          Derelict LAYER 8 Netgate last edited by

                                          Working from LAN means nothing.  Check the firewall on the host to be sure it allows connections from OTHER THAN LAN.

                                          • W
                                            wwatanabe last edited by

                                            The Firewall on Host is disabled.

                                            The Antivirus is disabled.

                                            I also tried with other Windows Server on the network, same problem.

                                            And tried with other service (DVR) in other host, same problem.

                                            Thanks for helping !
                                            Sorry for my poor english.

                                            • Derelict
                                              Derelict LAYER 8 Netgate last edited by

                                              Well, there's not much else to a port forward, so it has to be something.  Does tcpdump on LAN show the SYNs going from 177.143.120.78 to 192.168.10.251:3389?  What states are created? (Diagnostics > States).

                                              Load sharing…  Are you sure you have the port forward on the interface that has the IP specified?  Are the clients connecting to the right interface?

                                              • W
                                                wwatanabe last edited by

                                                I'm new with PFSense and TCPDump, sorry if it's not what you ask.

                                                I Run TCPDump and try to connect with RDP.

                                                ==================
                                                em1 -> LAN

                                                [2.1.5-RELEASE][root@host]/root(14): tcpdump -ni em1 | grep 192.168.10.251.3389
                                                tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                                                listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
                                                23:36:44.807796 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [ S ], seq 3165976847, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
                                                23:36:44.807877 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [S.], seq 3448840707, ack 3165976848, win 16384, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
                                                23:36:44.832998 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
                                                23:36:44.833113 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [R], seq 3448840708, win 0, length 0
                                                23:36:44.839389 IP 177.143.120.78.45783 > 192.168.10.251.3389: Flags [P.], ack 1, win 4380, length 19
                                                23:36:44.839444 IP 192.168.10.251.3389 > 177.143.120.78.45783: Flags [R], seq 3448840708, win 0, length 0

                                                ======================

                                                [2.1.5-RELEASE][root@macfw001.macco.local]/root(12): tcpdump -ni em1 | grep 177.143.120.78
                                                tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                                                listening on em1, link-type EN10MB (Ethernet), capture size 96 bytes
                                                23:35:59.469877 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [ S ], seq 1760568614, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
                                                23:35:59.469985 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [S.], seq 408005352, ack 1760568615, win 16384, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
                                                23:35:59.492434 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
                                                23:35:59.492551 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0
                                                23:35:59.505291 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [P.], ack 1, win 4380, length 19
                                                23:35:59.505347 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0
                                                23:36:00.260803 IP 177.143.120.78.33622 > 192.168.10.251.59387: UDP, length 97
                                                23:36:00.289429 IP 177.143.120.78.33622 > 192.168.10.251.59387: UDP, length 40
                                                23:36:00.289537 IP 192.168.10.251.59387 > 177.143.120.78.33622: UDP, length 52
                                                23:36:05.662522 IP 177.143.120.78.39432 > 192.168.10.251.3389: Flags [ S ], seq 871328353, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
                                                23:36:05.662592 IP 192.168.10.251.3389 > 177.143.120.78.39432: Flags [S.], seq 939867809, ack 871328354, win 16384, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
                                                23:36:05.684492 IP 177.143.120.78.39432 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
                                                23:36:05.684594 IP 192.168.10.251.3389 > 177.143.120.78.39432: Flags [R], seq 939867810, win 0, length 0
                                                23:36:05.691017 IP 177.143.120.78.39432 > 192.168.10.251.3389: Flags [P.], ack 1, win 4380, length 19
                                                23:36:05.691078 IP 192.168.10.251.3389 > 177.143.120.78.39432: Flags [R], seq 939867810, win 0, length 0
                                                ^C189 packets captured
                                                191 packets received by filter
                                                0 packets dropped by kernel

                                                =======================

                                                There is just a LAN interface, it's connected in the LAN Switch and all Hosts are surfing ok, accessing PFSense as gateway and Proxy/Squid/SquidGuard is working fine.

                                                STATES with 177.143.120.78 (Filtered)

                                                tcp  200.200.200.200:40022 <- 177.143.120.78:48036  ESTABLISHED:ESTABLISHED 
                                                udp  177.143.120.78:33622 <- 192.168.10.251:59387  MULTIPLE:MULTIPLE 
                                                udp  192.168.10.251:59387 -> 200.200.200.200:30913 -> 177.143.120.78:33622  MULTIPLE:MULTIPLE 
                                                tcp  200.200.200.200:40443 <- 177.143.120.78:36373  TIME_WAIT:TIME_WAIT 
                                                tcp  200.200.200.200:40443 <- 177.143.120.78:42641  ESTABLISHED:ESTABLISHED 
                                                tcp  200.200.200.200:40443 <- 177.143.120.78:49046  TIME_WAIT:TIME_WAIT 
                                                tcp  200.200.200.200:40443 <- 177.143.120.78:46285  ESTABLISHED:ESTABLISHED

                                                • W
                                                  wwatanabe last edited by

                                                  http://imgur.com/a/c5sDz

                                                  Image with the Rule and NAT.

                                                  • Derelict
                                                    Derelict LAYER 8 Netgate last edited by

                                                    I guess I give up.  I could do the same port forward 1000 times and it would work every time.

                                                    Your network is in an extremely insecure state right now.

                                                    • Derelict
                                                      Derelict LAYER 8 Netgate last edited by

                                                      It looks like the NAT is working, to me.  No idea why you can't establish a session.

                                                      • W
                                                        wwatanabe last edited by

                                                        I put the network in this open situation for testing this NAT problem.

                                                        Thanks a lot for your help. I think I'll try to reinstall PFSense.

                                                        Regards,

                                                        Wellington

                                                        • johnpoz
                                                          johnpoz LAYER 8 Global Moderator last edited by

                                                          "23:35:59.492551 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0"

                                                          Sure looks like the box you're trying to RDP to, and was correctly forwarded by pfsense, is sending RESET

                                                          So what does that have to do with pfsense??  Why don't you download the sniff and open it in wireshark.. But you need to look on the box to see why it's sending RESET!!

                                                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                                                          If you get confused: Listen to the Music Play
                                                          Please don't Chat/PM me for help, unless mod related
                                                          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05
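
The two diagnoses reached in this thread (a forwarded SYN that never gets an answer because the host replies through another gateway, and a handshake that completes before the internal host sends RST) can be read mechanically from `tcpdump -n` output. The Python below is an added example, not code from any poster or from pfSense; the verdict names and hint texts are assumptions of this example, and the sample lines are taken from the captures posted above with the TCP options trimmed.

```python
import re

# One TCP line of `tcpdump -n` output. The thread shows SYN as "[ S ]" (forum
# rendering); real tcpdump prints "[S]", so inner whitespace is optional.
LINE_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"Flags \[\s*([A-Za-z.]+)\s*\]"
)

# Verdict -> where to look next (names and wording are this example's own).
HINTS = {
    "no-reply": "SYN unanswered on this interface: host down, host firewall "
                "dropping, or replies leaving via another gateway",
    "refused": "host answered the SYN with RST: nothing listening on that "
               "port, or the host rejects the source",
    "reset-by-host": "handshake completed through the forward, then the host "
                     "sent RST: investigate the host, not the NAT rule",
    "handshake-ok": "SYN and SYN-ACK both seen, no reset: forward and return "
                    "path work",
}


def parse(lines):
    """Yield (src, sport, dst, dport, flags) per TCP line; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            src, sport, dst, dport, flags = m.groups()
            yield src, int(sport), dst, int(dport), flags


def classify(lines):
    """Map each flow opened by a bare SYN to one of the HINTS verdicts.

    The flow key is (client_ip, client_port, server_ip, server_port).
    """
    flows = {}
    for src, sport, dst, dport, flags in parse(lines):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in flows:                      # client -> server
            if flags == "S":
                flows[fwd]["syn"] += 1        # retransmitted SYN
        elif rev in flows:                    # server -> client
            state = flows[rev]
            if flags == "S.":
                state["synack"] = True
            if "R" in flags:
                state["rst"] = True
        elif flags == "S":                    # first SYN opens a new flow
            flows[fwd] = {"syn": 1, "synack": False, "rst": False}

    verdicts = {}
    for key, s in flows.items():
        if s["rst"]:
            verdicts[key] = "reset-by-host" if s["synack"] else "refused"
        else:
            verdicts[key] = "handshake-ok" if s["synack"] else "no-reply"
    return verdicts


def report(lines):
    """Return one printable line per flow: endpoints, verdict, hint."""
    return [f"{c}:{cp} -> {s}:{sp}  {v}: {HINTS[v]}"
            for (c, cp, s, sp), v in classify(lines).items()]


# LAN-side capture (em1) from the thread, TCP options trimmed.
LAN_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
23:35:59.469877 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [ S ], seq 1760568614, win 8192, length 0
23:35:59.469985 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [S.], seq 408005352, ack 1760568615, win 16384, length 0
23:35:59.492434 IP 177.143.120.78.46898 > 192.168.10.251.3389: Flags [.], ack 1, win 4380, length 0
23:35:59.492551 IP 192.168.10.251.3389 > 177.143.120.78.46898: Flags [R], seq 408005353, win 0, length 0
23:36:00.260803 IP 177.143.120.78.33622 > 192.168.10.251.59387: UDP, length 97
"""

# WAN-side capture (igb0) from the thread, TCP options trimmed.
WAN_CAPTURE = """\
22:55:12.593966 IP 177.143.120.78.35814 > 200.200.200.200.43390: Flags [ S ], seq 1345026210, win 8192, length 0
22:55:15.591285 IP 177.143.120.78.35814 > 200.200.200.200.43390: Flags [ S ], seq 1345026210, win 8192, length 0
22:55:21.585046 IP 177.143.120.78.35814 > 200.200.200.200.43390: Flags [ S ], seq 1345026210, win 8192, length 0
"""

if __name__ == "__main__":
    for name, capture in (("LAN", LAN_CAPTURE), ("WAN", WAN_CAPTURE)):
        for row in report(capture.splitlines()):
            print(name, row)
```

A `no-reply` verdict on a WAN capture only says nothing came back to the client; repeating the capture on the LAN interface shows whether the SYN was forwarded and whether the host answered.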

                                                          • Derelict
                                                            Derelict LAYER 8 Netgate last edited by

                                                            Probably disallowing connections from foreign networks but he doesn't want to listen.  "It works fine from LAN."

                                                            • T
                                                              tom-- 1 last edited by

                                                              Hi farion

                                                              Your dropbox-links are annoying, because they are no longer available - and therefore other users can not benefit from this post: your pictures are missing now :-(

                                                              It would help if you just attach pictures to your posts as other users are doing.

                                                              Thanks a lot in advance,
                                                              kind regards,
                                                              Tom
