Netgate Discussion Forum

    *HELP* NAT Issue 1:1 and Port Forward dual WAN

      Diditbetter

      I have 2 NAT issues.

      ( 1:1 NAT ISSUE )

      Dual WAN Verizon 71.251.9X.XX0 and Bright House 97.79.4X.X14

      Default WAN is Verizon.

      I have 3 1:1 NATs:

      Verizon     --- 71.251.9X.XX1 --- 192.168.0.XX9 --- *
      BrightHouse --- 97.79.4X.X16  --- 192.168.0.XX7 --- *
      BrightHouse --- 97.79.4X.X20  --- 192.168.0.XX8 --- *

      So they all work, but a problem I have is, say, the Verizon one: when I go to ipchicken I get the right IP 71.251.9X.XX1, not 71.251.9X.XX0, so 1:1 is working in and out. But the Bright House is going out Verizon on 71.251.9X.XX0 rather than 97.79.4X.X16 or 97.79.4X.X20 for the NAT rules.

      I did try to set up an outbound NAT, as I have it set to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)", but that made no change.

      ( FTP Port forward issues )

      I have an FTP server set up on 71.251.9X.XX0 and it works locally with no issues; outside it does not work. But I see pfSense pass the rule and I see in the FTP log that it makes it there.

      Failed remote session:
      14:55:32 71.180.1X3.2XX 192.168.0.XX9 21 [17]USER anonymous 331 0
      14:55:32 71.180.1X3.2XX 192.168.0.XX9 21 [17]PASS chrome@example.com 230 0
      14:55:32 71.180.1X3.2XX 192.168.0.XX9 21 [17]CWD / 250 0

      Good Local connection:
      14:42:50 192.168.0.XX9 [2]USER anonymous 331 0
      14:42:50 192.168.0.XX9 [2]PASS chrome@example.com 230 0
      14:42:50 192.168.0.XX9 [2]CWD / 250 0
      14:42:50 192.168.0.XX9 [2]QUIT - 226 0

      One thing I see that the remote session is not doing is "14:42:50 192.168.0.XX9 [2]QUIT - 226 0", but I am unsure why. I have ports 20-21 going to the Windows FTP server. But it just dies off.

      Any help would be great.

        Diditbetter

        I do see this in the show states for:

        VERIZON tcp 192.168.0.xx9:21 (71.251.9x.xx0:21) <- 71.180.18x.xx9:52622 FIN_WAIT_2:FIN_WAIT_2
        LAN tcp 71.180.18x.xx9:52622 -> 192.168.0.xx9:21 FIN_WAIT_2:FIN_WAIT_2
        VERIZON tcp 192.168.0.xx9:21 (71.251.9x.x0:21) <- 71.180.18x.xx9:52639 ESTABLISHED:ESTABLISHED
        LAN tcp 71.180.18x.xx9:52639 -> 192.168.0.xx9:21 ESTABLISHED:ESTABLISHED

        Seems all the FTP connections are doing "FIN_WAIT_2:FIN_WAIT_2" rather than ESTABLISHED:ESTABLISHED.

          Diditbetter

          I got FTP to work by setting the passive port range on the FTP server, then opening those ports with a NAT rule to 192.168.0.xx9 for the ports I opened.

          Seems to be working in Chrome; in IE I had to turn off passive mode on a remote client to make it work. That seems odd since it worked in Chrome but not IE until I turned that off, and my understanding is that forces it to 20-21 anyway, and those were already open.

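The fix described in the last post (a fixed passive port range on the FTP server plus a NAT rule for those ports) can be checked from the server's passive-mode replies. The following is an added example, not part of the original thread: it parses 227 (PASV) and 229 (EPSV) replies and reports when the advertised address or data port would not match the port forward. The WAN address, passive range, and sample replies are constructed assumptions.

```python
import ipaddress
import re

# Constructed values for illustration (documentation address space).
WAN_IP = "203.0.113.10"                # assumed public address of the port forward
FORWARDED_PORTS = range(50000, 50101)  # assumed passive range opened by the NAT rule

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def parse_passive_reply(reply):
    """Return (address or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("octet out of range in 227 reply")
        addr = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
        return addr, nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(1))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return None, port  # EPSV carries only a port, never an address
    raise ValueError("not a 227/229 passive-mode reply")

def check_passive_reply(reply, wan_ip=WAN_IP, forwarded=FORWARDED_PORTS):
    """List reasons a remote client's data connection may fail through the NAT."""
    addr, port = parse_passive_reply(reply)
    problems = []
    if addr is not None and addr != ipaddress.ip_address(wan_ip):
        problems.append(f"advertised address {addr} is not the WAN address {wan_ip}")
    if port not in forwarded:
        problems.append(f"data port {port} is outside forwarded range "
                        f"{forwarded.start}-{forwarded.stop - 1}")
    return problems

# Constructed sample replies, as a server might send on the control channel.
SAMPLES = [
    "227 Entering Passive Mode (192,168,0,9,195,80)",    # LAN address advertised
    "227 Entering Passive Mode (203,0,113,10,4,1)",      # port 1025, not forwarded
    "227 Entering Passive Mode (203,0,113,10,195,149)",  # consistent with the rule
    "229 Entering Extended Passive Mode (|||50010|)",    # EPSV, port only
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_passive_reply(s) or "ok")
```

Keeping the forwarded range as narrow as the server's configured passive range limits how many inbound ports the NAT rule exposes.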