[Resolvido] Não acessa com IP Externo a partir da rede Interna



  • :DBom dia,

    Pesquisei bastante, fiz vários procedimentos e não deu certo.

    Meu cenário

    PFsense Versão 2.1.5 RELEASE(I386)
    CPU AMD Sempron 2200+
    Memoria: 1,5GB

    Serviços
    Proxy < Desativado
    SquidGuard < Desativado
    DHCP
    DNS

    PROCEDIMENTOS QUE REALIZEI

    • Marquei "NAT Reflection mode for port forwards" selecionando a opção (Enable NAT+Proxy).

    • Desmarquei as Opções em: interfaces > wan > Private networks

    CAPTURA NO WIRESHARK < Essa captura é da mesma maquina que tentei acessar por RDP um servidor que está na rede interna com o endereço IP da rede Externa (187.75.X.X)

    CAPTURA NO PFSENSE INTERFACE WAN

    11:17:30.511911 IP 192.168.200.10.33525 > 187.75.x.x.7000: tcp 0
    11:17:30.512401 IP 187.75.x.x.7000 > 192.168.200.10.33525: tcp 0
    11:17:31.013779 IP 192.168.200.10.43809 > 187.75.x.x.7000: tcp 0
    11:17:31.014153 IP 187.75.x.x.7000 > 192.168.200.10.43809: tcp 0
    11:17:31.513643 IP 192.168.200.10.39378 > 187.75.x.x.7000: tcp 0
    11:17:31.514028 IP 187.75.x.x.7000 > 192.168.200.10.39378: tcp 0

    CAPTURA NO PFSENSE INTERFACE LAN

    11:28:17.826050 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 104
    11:28:17.929711 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 90
    11:28:17.929917 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
    11:28:18.042318 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 111
    11:28:18.145732 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
    11:28:18.145946 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
    11:28:18.155736 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 136
    11:28:18.272158 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 90
    11:28:18.471017 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 41
    11:28:18.471288 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
    11:28:18.587542 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
    11:28:18.597368 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 142
    11:28:18.697699 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
    11:28:18.707361 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 73
    11:28:18.904112 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 104
    11:28:19.071892 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 69
    11:28:19.072056 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
    11:28:19.176155 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
    11:28:19.186344 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 84
    11:28:19.391965 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:19.400033 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 41
    11:28:19.502842 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 55
    11:28:19.503077 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
    11:28:19.632140 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
    11:28:19.642449 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 97
    11:28:19.734650 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 41
    11:28:19.744104 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
    11:28:19.806453 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
    11:28:19.855854 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
    11:28:19.862052 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:19.904433 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 33
    11:28:19.917924 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 48
    11:28:19.921100 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 71
    11:28:19.922971 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 53
    11:28:19.958012 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:19.976962 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:20.022527 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:20.083075 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:20.215117 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
    11:28:20.290519 IP 192.168.0.252.51022 > 187.75.X.X.7000: tcp 0
    11:28:20.291131 IP 187.75.X.X.7000 > 192.168.0.252.51022: tcp 0
    11:28:20.320348 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 118
    11:28:20.320565 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 0
    11:28:20.330479 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 50
    11:28:20.480674 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
    11:28:20.490494 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 45
    11:28:20.625034 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 34
    11:28:20.634531 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 115
    11:28:20.694134 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 34
    11:28:20.789936 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 111
    11:28:20.790812 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 0
    11:28:20.802102 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 1452
    11:28:20.802225 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 1452
    11:28:20.811950 IP 192.168.0.252.51022 > 187.75.X.X.7000: tcp 0
    11:28:20.812866 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:20.812911 IP 187.75.X.X.7000 > 192.168.0.252.51022: tcp 0
    11:28:20.901280 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 0
    11:28:20.901718 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 1452
    11:28:20.904329 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 120
    11:28:20.992157 IP 177.139.162.88.1279 > 192.168.0.253.7000: tcp 0
    11:28:21.115716 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 205
    11:28:21.326210 IP 192.168.0.252.51022 > 187.75.X.X.7000: tcp 0
    11:28:21.327267 IP 187.75.X.X.7000 > 192.168.0.252.51022: tcp 0
    11:28:21.360166 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:21.926663 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 86
    11:28:22.014086 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 62
    11:28:22.026817 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 219
    11:28:22.068076 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.077235 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 67
    11:28:22.233679 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.259043 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 100
    11:28:22.259071 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.259094 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.259114 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.259133 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.317956 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.318223 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.318259 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.319682 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.319897 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.319931 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.388178 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.388427 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.388486 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.393049 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.393216 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.393254 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.441904 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.442122 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.442181 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 59
    11:28:22.446103 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.446286 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 67
    11:28:22.446466 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 469
    11:28:22.501072 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.501604 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1415
    11:28:22.501722 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1399
    11:28:22.505046 IP 177.139.162.88.1443 > 192.168.0.253.7000: tcp 0
    11:28:22.505488 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1334
    11:28:22.505607 IP 192.168.0.253.7000 > 177.139.162.88.1443: tcp 1372
    11:28:22.557033 IP 192.168.0.253.7000 > 177.139.162.88.1279: tcp 54

    OBS: Instalei o servidor DNS no PFsense porque não tinha outro servidor fazendo essa função, porém, só instalei não fiz nenhuma configuração nem criei Hosts (A).

    Acredito que seja um método fácil, o difícil é encontrar ele.  ;D



  • Olá LeaoNarrdo,

    Pelo que vi você está fazendo um NAT para acesso a uma máquina com endereço privado, não é?

    Acredito que você já tenha visto algum video, mas um que me ajudou a configurar NAT foi esse do link abaixo:

    Youtube Video – [13:00..]

    Talvez ajude!

    Att.



  • Só uma observação não esqueça de fazer um DMZ do modem ADSL para o ip da sua WAN no pfSense.



  • Ainda não deu certo;

    Fiz mais duas capturas de pacotes.

    De um computador Externo:

    14:02:14.866215 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:14.867103 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 41
    14:02:14.867290 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:14.869098 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 55
    14:02:14.870272 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 62
    14:02:14.870442 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:14.871553 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 76
    14:02:14.873051 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 111
    14:02:14.873219 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:14.875243 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
    14:02:14.876189 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
    14:02:14.876351 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:14.876451 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 33
    14:02:14.878735 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 76
    14:02:14.884211 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 635
    14:02:14.884461 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:14.884879 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:14.888399 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 123
    14:02:14.889716 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 121
    14:02:14.904057 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 139
    14:02:14.974257 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
    14:02:15.015212 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
    14:02:15.024282 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:15.157257 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 48
    14:02:15.157497 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:15.346091 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:15.467719 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 118
    14:02:15.468035 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:15.613047 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 97
    14:02:15.703167 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 111
    14:02:15.703419 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:15.821560 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 125
    14:02:15.966710 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 118
    14:02:15.966987 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:16.037251 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 104
    14:02:16.209214 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 125
    14:02:16.209538 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:16.315442 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 83
    14:02:16.315766 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 33
    14:02:16.323703 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 60
    14:02:16.376051 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
    14:02:16.438760 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
    14:02:16.536153 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:16.536431 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:16.803515 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:16.961123 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:16.961363 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:17.087540 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 41
    14:02:17.302658 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 41
    14:02:17.302950 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:17.430791 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:17.446957 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 47
    14:02:17.501701 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
    14:02:17.501991 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
    14:02:17.546800 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
    14:02:17.546914 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 37
    14:02:17.549797 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
    14:02:17.549893 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 11
    14:02:17.595573 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
    14:02:17.596244 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 454
    14:02:17.596955 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 532
    14:02:17.598731 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:17.645733 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.645924 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 8
    14:02:17.646093 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
    14:02:17.646281 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 11
    14:02:17.690164 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.693016 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:17.700594 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 222
    14:02:17.738164 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.738439 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:17.805961 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 586
    14:02:17.818736 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.818952 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:17.867604 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 0
    14:02:17.898329 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.898586 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:17.946128 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.946342 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:17.987946 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:17.988238 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:18.077071 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 12
    14:02:18.077346 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 15
    14:02:18.123396 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 287
    14:02:18.123736 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 361
    14:02:18.123954 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0
    14:02:18.130332 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 34
    14:02:18.155350 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 34
    14:02:18.189710 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 426
    14:02:18.237376 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
    14:02:18.243927 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 0
    14:02:18.247661 IP 177.139.162.88.1640 > 192.168.200.10.7000: tcp 90
    14:02:18.247854 IP 192.168.200.10.7000 > 177.139.162.88.1640: tcp 0
    14:02:18.265261 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 431
    14:02:18.265287 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 49
    14:02:18.265358 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 53
    14:02:18.265620 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 53
    14:02:18.265855 IP 179.208.83.42.38468 > 192.168.200.10.7000: tcp 53
    14:02:18.265993 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 48
    14:02:18.266016 IP 192.168.200.10.7000 > 179.208.83.42.38468: tcp 0

    De um computador Interno

    14:05:12.243510 IP 192.168.200.10.59863 > 187.75.X.X.7000: tcp 0
    14:05:12.244380 IP 187.75.X.X.7000 > 192.168.200.10.59863: tcp 0
    14:05:12.743199 IP 192.168.200.10.17004 > 187.75.X.X.7000: tcp 0
    14:05:12.743622 IP 187.75.X.X.7000 > 192.168.200.10.17004: tcp 0
    14:05:13.243247 IP 192.168.200.10.34890 > 187.75.X.X.7000: tcp 0
    14:05:13.243656 IP 187.75.X.X.7000 > 192.168.200.10.34890: tcp 0

    Notem que a porta de origem no IP 192.168.200.10 muda, isso tem algum problema?



  • CONSEGUI  8)

    Depois de fazer todos os passos descritos acima, não tinha conseguido fazer funcionar.

    Foi muito simples resolver!

    Solução que encontrei

    Criei uma regra de NAT (Firewall > NAT > Port Forward)
    Interface: LAN
    Source: Lan Net
    Source port range: any
    Destination: Single Host or Alias IP: 187.75.X.X < Ip da Rede Externa
    Destination port range: 7000 < Parta da minha Aplicação
    Redirect target IP: 192.168.0.253 < IP do Servidor
    Redirect target port: 7000


Log in to reply