NAT Firewall problem Showing Internal IP to Public Program



  • Hi, I am trying to use a program called Konect (similar to RDP) to connect to a remote server. If I am behind a Linksys router, all works fine and fast. If I am behind a pfSense firewall, it will not work, and we have determined the problem is that the Konect software is seeing the client's local 192.168.1.x address instead of the public IP. This worries me on a couple of levels. One, it is causing the problem, and two, it seems like some bit of a vulnerability. Anyone have any help on how to fix or resolve this?

    Thanks a lot.



  • I don't know Konect. How's your pfSense setup?

    Only thing I found on their website:
    "The Konect Client download page displays a "The Page Cannot be Displayed" error."

    @http://www.desktopsites.com/techspt.htm:

    This issue can be caused by either A. the internet connections firewall or; B. your main firewall's port forwarding if the user is trying to connect from outside the LAN.

    Under your Local Area Connection Properties, select the Advanced tab.

    Click Settings to open the firewall properties.

    Within the Advanced Settings screen, ensure that Remote Desktop, Secure Web Server (HTTPS) and Web Server (HTTP) are all allowed.

    Click the OK button to ensure the settings have been allowed.

    If you also have a router/firewall and are encountering this issue when trying to access from a Public IP, forward the port that your Default Website is using (defaults to 80) to your primary Konect server.



  • OK, let me give further detail. I am running pfSense where the server is hosted as well as where the client is hosted, but only have the problem connecting if the client workstation is behind a pfSense box. If it is behind a simple Linksys it works fine. I worked with Konect tech support and they found that when the client connected to the server while the client was behind the pfSense firewall, it showed as connecting from an IP of 192.168.1.x, instead of the public IP it should have said it was connecting from. This apparently caused the Konect server to try to respond to a local IP instead of the public one. Any idea why the pfSense firewall would be showing the workstation's internal IP?



  • @newfirewallman:

    OK, let me give further detail. I am running pfSense where the server is hosted as well as where the client is hosted, but only have the problem connecting if the client workstation is behind a pfSense box. If it is behind a simple Linksys it works fine. I worked with Konect tech support and they found that when the client connected to the server while the client was behind the pfSense firewall, it showed as connecting from an IP of 192.168.1.x, instead of the public IP it should have said it was connecting from. This apparently caused the Konect server to try to respond to a local IP instead of the public one. Any idea why the pfSense firewall would be showing the workstation's internal IP?

    That makes it sound like you have a VPN between the two sites, possibly? I can't think of any other way you're going to get a private source IP across the Internet. There is almost no chance you can route a private source IP across the Internet; pretty much every ISP is going to drop that on ingress and egress.

    The only way traffic leaving a WAN interface of pfSense will not get NATed is if you enabled advanced outbound NAT and set up your NAT rules to bypass NAT for that traffic.
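
One way to test the claim in the reply above is to capture on the pfSense WAN interface with `tcpdump -n` and look for packets that still carry an RFC 1918 source address. The script below is an added example, not part of the original thread; the capture lines are constructed from the addresses quoted in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges; a source in one of these should never leave a NATed WAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Address part of a `tcpdump -n` IPv4 line: "<time> IP <src>[.<sport>] > <dst>[.<dport>]: ..."
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

# Constructed sample of a WAN-side capture (addresses taken from the thread).
SAMPLE = """\
12:00:01.000001 IP 62.143.25.20.51234 > 62.143.119.74.80: Flags [S], seq 1, win 65535, length 0
12:00:01.020000 IP 62.143.119.74.80 > 62.143.25.20.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:02.000001 IP 192.168.1.30.51300 > 62.143.119.74.80: Flags [S], seq 5, win 65535, length 0
12:00:03.000000 ARP, Request who-has 62.143.25.1 tell 62.143.25.20, length 28
"""


def is_private(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def unnatted_packets(capture_text):
    """Return (src, dst) pairs with a private source and a public destination."""
    hits = []
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 and other non-IPv4 lines are skipped
        src, dst = m.group(1), m.group(2)
        if is_private(src) and not is_private(dst):
            hits.append((src, dst))
    return hits


if __name__ == "__main__":
    for src, dst in unnatted_packets(SAMPLE):
        print(f"un-NATed private source on WAN: {src} -> {dst}")
```

An empty result on a real WAN capture means the firewall is translating the source address, so a private IP shown by the remote application was not taken from the packet's IP header.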



  • There is no VPN between the two. But for some reason the public IP isn't registering in the Konect program; instead it sees the internal IP of whichever workstation I'm on. Remember, this is only when pfSense is on the client side; if I change the client side to a Linksys it works fine.



  • As I have both types of firewalls here, I could try to connect to your server. Just send the IP and account information in a PM.



  • Just some more information. The client is behind a pfSense firewall. The client's IP is 192.168.1.30. The firewall is internal 192.168.1.1 and public 62.143.25.20. When I connect to the Konect server at 62.143.119.74 from my client above, if I'm watching the session manager it shows the connection is from 192.168.1.30 if I'm running pfSense on the client side. If I run Linksys on the client side, then it will show the correct IP of the connection, 62.143.25.20.



  • You could try to enable static port. http://doc.pfsense.org/index.php/Static_Port
    It most probably won't help, but you can always try…. ^^"



  • I did try that, but it didn't make a difference. Still shows the same.



  • Just wanted to let everyone know it wasn't a pfSense problem, but a Barracuda Webfilter that was causing the problem. Still not sure how, but it was the problem.

