
    Trying to translate external ips to get nat to work right. Help.

    • E
      elementalwindx last edited by

      I have a client where their setup looks like this:

      Cable modem (2.x.x.x)
      |
      Voip edge device (10.x.x.x)
      |
      PFSense showing WAN on 10.x.x.x

      So when I port forward saying "WAN address" for destination, it's looking for 10.x.x.x instead of 2.x.x.x.

      Now this VoIP device has me in a "DMZ passthrough" type zone, but isn't passing IP addresses as such. How can I route, say, if someone wants to connect to our OpenVPN server, or even just to test it, the web GUI for the router itself on port 80?

      I've tried setting up firewall rules to allow port 80 for dest WAN address, single IP address with 2.x.x.x or 10.x.x.x typed in there, and none seem to work.

      Thanks.

      • Derelict
        Derelict LAYER 8 Netgate last edited by

        You have to port forward to pfSense from the cable modem.

        See problem #8 https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        In your case the voip device is not between you and the internet, the cable modem is.  Or maybe both.

        • E
          elementalwindx last edited by

          @Derelict:

          You have to port forward to pfSense from the cable modem.

          See problem #8 https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          In your case the voip device is not between you and the internet, the cable modem is.  Or maybe both.

          What do you mean? The cable modem is in full pass-through to the VoIP edge device. The VoIP edge device is putting the pfSense in a DMZ zone, forwarding all ports except voice related.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            OK then it should be working if the "DMZ" is in place.  There are lots of other good troubleshooting steps on that link.
            Diagnostics > Packet Capture WAN on the outside port that should be getting hit and see if the traffic is actually getting there.

            Post what you've done for the Port Forward and its associated WAN firewall rule.

            The outside users will have to connect to the 2. address but it will have nothing to do with anything on the pfSense port forward. pfSense's 10. address on its WAN will be the Destination address and the (as yet unspecified) inside host will be the NAT IP.

            • E
              elementalwindx last edited by

              @Derelict:

              OK then it should be working if the "DMZ" is in place.  There are lots of other good troubleshooting steps on that link.
              Diagnostics > Packet Capture WAN on the outside port that should be getting hit and see if the traffic is actually getting there.

              Post what you've done for the Port Forward and its associated WAN firewall rule.

              The outside users will have to connect to the 2. address but it will have nothing to do with anything on the pfSense port forward. pfSense's 10. address on its WAN will be the Destination address and the (as yet unspecified) inside host will be the NAT IP.

              Since the pfSense itself is hosting the OpenVPN, it will be what the firewall rule is for. We have no need for port forwarding to anything inside the network.

              • Derelict
                Derelict LAYER 8 Netgate last edited by

                OK, then you need to Packet Capture to make sure the OpenVPN connections are hitting your WAN port then make sure there's a WAN rule passing the traffic.

                • E
                  elementalwindx last edited by

                  @Derelict:

                  OK, then you need to Packet Capture to make sure the OpenVPN connections are hitting your WAN port then make sure there's a WAN rule passing the traffic.

                  Well, I found out the phone guy reconfigured my pfSense to use DHCP instead of static on the WAN, so it wasn't the DMZ port. I emailed him and he gave me what is supposedly the DMZ port IP. So I assigned that static, and did a packet capture on port 1195 and it captured nothing at all. I guess the ball is in his court now -_-

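The packet-capture check discussed in the thread, as an added example that is not part of any post: it reads `tcpdump -n` text output taken on the WAN interface and reports whether traffic for a service hosted on pfSense itself never arrived, arrived without a reply, or was answered. The addresses, the UDP transport and the function names `classify_capture` and `next_step` are assumptions made for illustration; only port 1195 comes from the thread.

```shell
#!/bin/sh
# Added example: interpret a WAN packet capture for a service hosted on the firewall.
# Input on stdin: text output of `tcpdump -n` captured on the WAN interface.
# The WAN address 10.0.0.2 and client 198.51.100.7 are constructed sample values.

# Usage: classify_capture WAN_IP PORT < capture.txt
# Prints NO_TRAFFIC, INBOUND_ONLY or BIDIRECTIONAL for WAN_IP.PORT.
classify_capture() {
    awk -v svc="$1.$2" '
        $2 == "IP" && $4 == ">" {          # skip ARP, IPv6 and non-packet lines
            dst = $5; sub(/:$/, "", dst)   # tcpdump prints the destination as "addr.port:"
            if (dst == svc) inbound++
            if ($3  == svc) outbound++
        }
        END {
            if (!inbound)       print "NO_TRAFFIC"
            else if (!outbound) print "INBOUND_ONLY"
            else                print "BIDIRECTIONAL"
        }'
}

# Maps a verdict to the side of the WAN port that needs attention.
next_step() {
    case "$1" in
        NO_TRAFFIC)    echo "upstream device is not forwarding; nothing to fix on pfSense yet" ;;
        INBOUND_ONLY)  echo "packets arrive; check the WAN pass rule and that the service is listening" ;;
        BIDIRECTIONAL) echo "pfSense is answering; look at the client or the return path" ;;
    esac
}

# Constructed sample captures, one per outcome.
CAP_EMPTY='12:00:01.000001 ARP, Request who-has 10.0.0.1 tell 10.0.0.2, length 28'
CAP_INBOUND='12:00:01.000001 IP 198.51.100.7.51234 > 10.0.0.2.1195: UDP, length 42
12:00:03.000001 IP 198.51.100.7.51234 > 10.0.0.2.1195: UDP, length 42'
CAP_BOTH='12:00:01.000001 IP 198.51.100.7.51234 > 10.0.0.2.1195: UDP, length 42
12:00:01.000900 IP 10.0.0.2.1195 > 198.51.100.7.51234: UDP, length 54'

for cap in "$CAP_EMPTY" "$CAP_INBOUND" "$CAP_BOTH"; do
    verdict=$(printf '%s\n' "$cap" | classify_capture 10.0.0.2 1195)
    echo "$verdict: $(next_step "$verdict")"
done
```

A capture on the interface sees packets before the firewall rules are applied, which is why inbound packets with no reply point at the WAN rule or the service rather than at the upstream device.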