    Trying to translate external ips to get nat to work right. Help.

    • elementalwindx

      I have a client where their setup looks like this:

      Cable modem (2.x.x.x)
      |
      Voip edge device (10.x.x.x)
      |
      PFSense showing WAN on 10.x.x.x

      So when I port forward saying "WAN address" for destination, it's looking for 10.x.x.x instead of 2.x.x.x.

      Now this voip device has me in a "dmz passthrough" type zone, but isn't passing ip addresses as such. How can I route say if someone wants to connect to our openvpn server, or even just to test it, the webgui for the router itself on port 80?

      I've tried setting up firewall rules to allow port 80 for dest wan address, single ip address with 2.x.x.x or 10.x.x.x typed in there, and none seem to work.

      Thanks.

      • Derelict (LAYER 8, Netgate)

        You have to port forward to pfSense from the cable modem.

        See problem #8 https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        In your case the voip device is not between you and the internet, the cable modem is.  Or maybe both.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • elementalwindx

          @Derelict:

          You have to port forward to pfSense from the cable modem.

          See problem #8 https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

          In your case the voip device is not between you and the internet, the cable modem is.  Or maybe both.

          What do you mean? The cable modem is in full pass-through to the voip edge device. The voip edge device is putting the pfsense in a dmz zone forwarding all ports except voice related.

            • Derelict (LAYER 8, Netgate)

            OK then it should be working if the "DMZ" is in place.  There are lots of other good troubleshooting steps on that link.
            Diagnostics > Packet Capture WAN on the outside port that should be getting hit and see if the traffic is actually getting there.

            Post what you've done for the Port Forward and its associated WAN firewall rule.

            The outside users will have to connect to the 2. address but it will have nothing to do with anything on the pfSense port forward. pfSense's 10. address on its WAN will be the Destination address and the (as yet unspecified) inside host will be the NAT IP.

              • elementalwindx

              @Derelict:

              OK then it should be working if the "DMZ" is in place.  There are lots of other good troubleshooting steps on that link.
              Diagnostics > Packet Capture WAN on the outside port that should be getting hit and see if the traffic is actually getting there.

              Post what you've done for the Port Forward and its associated WAN firewall rule.

              The outside users will have to connect to the 2. address but it will have nothing to do with anything on the pfSense port forward. pfSense's 10. address on its WAN will be the Destination address and the (as yet unspecified) inside host will be the NAT IP.

              Since the pfsense itself is hosting the openvpn, it will be what the firewall rule is for. We have no need for port forwarding to anything inside the network.

                • Derelict (LAYER 8, Netgate)

                OK, then you need to Packet Capture to make sure the OpenVPN connections are hitting your WAN port then make sure there's a WAN rule passing the traffic.

                  • elementalwindx

                  @Derelict:

                  OK, then you need to Packet Capture to make sure the OpenVPN connections are hitting your WAN port then make sure there's a WAN rule passing the traffic.

                  Well I found out the phone guy reconfigured my pfsense to use dhcp instead of static on the wan, so it wasn't the dmz port. I emailed him and he gave me what is supposedly the dmz port ip. So I assigned that static, and did a packet capture on port 1195 and it captured nothing at all. I guess the ball is in his court now -_-

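The check described in the thread (capture on WAN, then look at the WAN rule) and the empty capture on port 1195 from the last post, as an added example that is not part of the thread: a shell function that reads `tcpdump -n` style text and reports whether traffic for the port reached the WAN address and whether pfSense answered. The function name `triage_capture`, the address 10.0.0.2, the client 198.51.100.7 and all sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify `tcpdump -n` text taken on the pfSense WAN interface.
# Usage: triage_capture WAN_IP PORT < capture.txt
# WAN_IP is the address on the pfSense WAN itself (the 10.x one in the thread):
# the upstream device rewrites the public destination before handing it over.
triage_capture() {
    awk -v wan="$1" -v port="$2" '
        # Split tcpdump "a.b.c.d.port" notation into globals ip and pt.
        function parse(ep,    n, p) {
            sub(/:$/, "", ep)
            n = split(ep, p, ".")
            if (n != 5) return 0
            ip = p[1] "." p[2] "." p[3] "." p[4]; pt = p[5]
            return 1
        }
        $2 == "IP" && $4 == ">" {
            if (parse($5) && ip == wan && pt == port) inbound++
            if (parse($3) && ip == wan && pt == port) outbound++
        }
        END {
            if (!inbound)       print "no-inbound"        # upstream never delivered it
            else if (!outbound) print "inbound-no-reply"  # look at WAN rule and listener
            else                print "replies-sent"      # path and rule both work
        }'
}

# Constructed sample captures (not from the thread). 10.0.0.2 is an assumed
# stand-in for the WAN address; 198.51.100.0/24 is documentation space.
sample_unrelated() {
    cat <<'EOF'
12:00:01.000000 IP 10.0.0.2.123 > 198.51.100.9.123: NTPv4, Client, length 48
EOF
}
sample_inbound_only() {
    cat <<'EOF'
12:00:05.100000 IP 198.51.100.7.51820 > 10.0.0.2.1195: UDP, length 42
12:00:07.100000 IP 198.51.100.7.51820 > 10.0.0.2.1195: UDP, length 42
EOF
}
sample_two_way() {
    cat <<'EOF'
12:00:05.100000 IP 198.51.100.7.51820 > 10.0.0.2.1195: UDP, length 42
12:00:05.101000 IP 10.0.0.2.1195 > 198.51.100.7.51820: UDP, length 54
EOF
}

for s in sample_unrelated sample_inbound_only sample_two_way; do
    printf '%s: %s\n' "$s" "$($s | triage_capture 10.0.0.2 1195)"
done
```

For TCP services an outbound RST also counts as a reply, so read the capture itself before treating `replies-sent` as a working service.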