    NAT Firewall problem Showing Internal IP to Public Program

    NAT
    • N
      newfirewallman last edited by

      Hi, I am trying to use a program called Konect (similar to RDP) to connect to a remote server. If I am behind a Linksys router all works fine and fast. If I am behind a pfSense firewall it will not work, and we have determined the problem is that the Konect software is seeing the client's local 192.168.1.x address instead of the public IP. This worries me on a couple of levels. One, it is causing the problem, and two, it seems like some bit of a vulnerability. Anyone have any help on how to fix or resolve this?

      Thanks a lot.

      • P
        Perry last edited by

        I don't know Konect. How's your pfSense setup?

        Only thing I found on their website:
        "The Konect Client download page displays a "The Page Cannot be Displayed" error."

        @http://www.desktopsites.com/techspt.htm:

        This issue can be caused by either A. the internet connection's firewall or; B. your main firewall's port forwarding if the user is trying to connect from outside the LAN.

        Under your Local Area Connection Properties, select the Advanced tab.

        Click Settings to open the firewall properties.

        Within the Advanced Settings screen, ensure that Remote Desktop, Secure Web Server (HTTPS) and Web Server (HTTP) are all allowed.

        Click the OK button to ensure the settings have been allowed.

        If you also have a router/firewall and are encountering this issue when trying to access from a Public IP, forward the port that your Default Website is using (defaults to 80) to your primary Konect server.

        • N
          newfirewallman last edited by

          OK, let me give further detail. I am running pfSense where the server is hosted as well as where the client is hosted, but only have the problem connecting if the client workstation is behind a pfSense box. If it is behind a simple Linksys it works fine. I worked with Konect tech support and they found that when the client connected to the server when the client was behind the pfSense firewall, it showed as connecting from an IP of 192.168.1.x, instead of the public IP it should have said it was connecting from. This apparently caused the Konect server to try to respond to a local IP instead of the public. Any idea why the pfSense firewall would be showing the workstation's internal IP?

          • C
            cmb last edited by

            @newfirewallman:

            OK, let me give further detail. I am running pfSense where the server is hosted as well as where the client is hosted, but only have the problem connecting if the client workstation is behind a pfSense box. If it is behind a simple Linksys it works fine. I worked with Konect tech support and they found that when the client connected to the server when the client was behind the pfSense firewall, it showed as connecting from an IP of 192.168.1.x, instead of the public IP it should have said it was connecting from. This apparently caused the Konect server to try to respond to a local IP instead of the public. Any idea why the pfSense firewall would be showing the workstation's internal IP?

            That makes it sound like you have a VPN between the two sites possibly? I can't think of any other way you're going to get a private source IP across the Internet. There is almost no chance you can route a private source IP across the Internet; pretty much every ISP is going to drop that ingress and egress.

            The only way traffic leaving a WAN interface of pfSense will not get NATed is if you enabled advanced outbound NAT and set up your NAT rules to bypass NAT for that traffic.

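One way to test the point made in the reply above is to capture on the client-side WAN interface (for example with `tcpdump -n -i <WAN interface> host 62.143.119.74`) and check the source address of packets bound for the Konect server. The script below is an added example, not part of the thread: the capture lines are constructed from the addresses quoted in the thread (ports, flags and the un-NATed packet are made up), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `tcpdump -n` output on the client-side WAN interface.
# IP addresses are those quoted in the thread; everything else is made up.
SAMPLE_CAPTURE = """\
10:15:01.000101 IP 62.143.25.20.51522 > 62.143.119.74.80: Flags [S], seq 1, length 0
10:15:01.040220 IP 62.143.119.74.80 > 62.143.25.20.51522: Flags [S.], seq 9, ack 2, length 0
10:15:07.300415 IP 192.168.1.30.51530 > 62.143.119.74.80: Flags [S], seq 5, length 0
"""

# timestamp, "IP", src.port > dst.port:
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:"
)


def unnatted_packets(capture_text, server_ip):
    """Return (src, dst) pairs sent to server_ip with a private source address."""
    server = ipaddress.ip_address(server_ip)
    leaks = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 TCP/UDP line in the expected format
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
        # A private source heading to the public server means NAT was skipped.
        if dst == server and src.is_private:
            leaks.append((str(src), str(dst)))
    return leaks


def verdict(capture_text, server_ip):
    """Summarise whether outbound NAT is being applied to traffic for server_ip."""
    if unnatted_packets(capture_text, server_ip):
        return "private source seen on WAN: review outbound NAT rules"
    return "no private source seen on WAN: outbound NAT is applied to this traffic"


if __name__ == "__main__":
    print(unnatted_packets(SAMPLE_CAPTURE, "62.143.119.74"))
    print(verdict(SAMPLE_CAPTURE, "62.143.119.74"))
```

If the capture shows only the public address as source, the firewall is translating correctly and the private address the server reports has to be reaching it some other way than the IP header.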
            • N
              newfirewallman last edited by

              There is no VPN between the two. But for some reason the public IP isn't registering in the Konect program, but it sees the internal IP of whichever workstation I'm on. Remember, only when pfSense is on the client side; if I change the client side to a Linksys it works fine.

              • P
                Perry last edited by

                As I have both types of firewalls here I could try to connect to your server. Just send the IP and account information in a PM.

                • N
                  newfirewallman last edited by

                  Just some more information. The client is behind a pfSense firewall. The client's IP is 192.168.1.30. The firewall is internal 192.168.1.1 and public 62.143.25.20. When I connect to the Konect server at 62.143.119.74 from my client above, if I'm watching the session manager it shows the connection is from 192.168.1.30 if I'm running pfSense on the client side. If I run Linksys on the client side then it will show the correct IP of the connection of 62.143.25.20.

                  • GruensFroeschli
                    GruensFroeschli last edited by

                    You could try to enable static port. http://doc.pfsense.org/index.php/Static_Port
                    It most probably won't help but you can always try…. ^^"

                    • N
                      newfirewallman last edited by

                      I did try that, but it didn't make a difference. Still shows the same.

                      • N
                        newfirewallman last edited by

                        Just wanted to let everyone know it wasn't a pfSense problem, but a Barracuda Webfilter that was causing the problem. Still not sure how, but it was the problem.
