On Thu, May 24, 2012 at 8:46 PM, Joseph Rotan <[email protected]> wrote:

> Bula Klaus,
>
> please note that I'm still getting logs from my test remote site that my
> pfsense firewall still blocks incoming packets from it and due to this packets
> could not reach my local server.
>
> Any help please as it is delaying the production for our launch.
>
> Thanks
>
> Joseph.
>
>
> On Fri, May 25, 2012 at 6:43 AM, Joseph Rotan <[email protected]> wrote:
>
>> Hi Klaus,
>>
>> yes I want to use Port 3001 for my external IPs, I will try it out today
>> and reset with my remote sites if their IP (59.160.200.199 and
>> 200.6.14.60) can drop packets on my LAN server IP (192.168.9.10)
>>
>> Many thanks for your help.
>>
>>
>> Kind Regards
>>
>> Joseph.
>>
>> On Thu, May 24, 2012 at 6:21 PM, Klaus Wunder <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I have edited your table. I think it has to look like this.
>>>
>>> Do you want to use the Port 3001 for the external IPs?
>>>
>>> Regards
>>>
>>> Klaus
>>>
>>>
>>> Hi,
>>>
>>> I'm currently using pfsense 2.0 for my system LAN firewall for 3 years
>>> now and have been having problems configuring it right to port forward a static
>>> external IP address of our remote test site server to NAT it with one of my
>>> server LAN IP addresses.
>>>
>>> Below is the table of how I configure it so the 2 external IP addresses
>>> (59.160.200.199 and 200.6.14.60) on port 5001 can communicate with my LAN
>>> server IP address 192.168.9.10
>>>
>>>
>>> *Pfsense Version 2.0*
>>>
>>> *Firewall: Rules*
>>>
>>> Protocol | Source | Port | Destination    | Port | Gateway | Schedule | Description
>>> TCP      | any    | any  | 59.160.200.199 | 3001 | Any     |          | NAT
>>> TCP      | any    | any  | 200.6.14.60    | 3001 | Any     |          | NAT
>>>
>>> *Firewall: NAT: Port Forward*
>>>
>>> If  | Protocol | Source address | Source port | Destination address | Destination port | NAT IP       | NAT port
>>> WAN | TCP      | any            | any         | 59.160.200.199      | 3001             | 192.168.9.10 | 5001
>>> WAN | TCP      | any            | any         | 200.6.14.60         | 3001             | 192.168.9.10 | 5001
>>>
>>>
>>>
>>> Attached please find my Network setup.
>>>
>>> Please advise is the correct way to configure port forward on a pfsense
>>> using 2 external remote IP addresses to talk with my LAN server machine.
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> Joseph.
>>>
>>>
>>>  <Network diagram.jpg>
>>>
>>>
>

Joseph,

Most services that I know of do not use the same source port number as the
destination port number.  The operating system picks a random port number
greater than 1024 (and usually greater than 10000) for the outgoing
connection.  Did you make all of Klaus' suggested changes to your rules?
They include changing the source port from 3001 to "any".

Check the firewall log to see if it is blocking the packets.  Go to
"Status" -> "System Logs" and click the "Firewall" tab.  Look for entries
coming from the outside IP addresses that you specified.

It may also help to check general network connectivity.  See if your
pfSense box can ping and/or traceroute to the internal and external hosts.
If you add a rule on the WAN to pass ICMP traffic, you can ping from the
remote hosts to your pfSense to confirm that you don't have a network issue
there.

You should also make sure that your rules are consistent because your
original table had some *3*001 and some *5*001.

Moshe

--
Moshe Katz
-- [email protected]
-- +1(301)867-3732
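
The source-port point from the reply above, as an added example (not code from the thread or from pfSense): a simplified model of port-forward matching, using constructed entries based on the table in the thread. The field names, the `translate` helper and the loopback test connection are assumptions of this sketch; interface and destination address are left out of the model.

```python
import socket

# Constructed entries modelled on the thread's port-forward table.
# PINNED has the source port set to 3001; FIXED has it set to "any".
PINNED = [{"src": "any", "sport": 3001, "dport": 3001, "nat": ("192.168.9.10", 5001)}]
FIXED = [{"src": "any", "sport": "any", "dport": 3001, "nat": ("192.168.9.10", 5001)}]


def field_matches(want, got):
    """A rule field matches if it is 'any' or equals the packet's value."""
    return want == "any" or want == got


def translate(entries, src, sport, dport):
    """Return (NAT IP, NAT port) of the first matching entry, or None."""
    for e in entries:
        if (field_matches(e["src"], src)
                and field_matches(e["sport"], sport)
                and field_matches(e["dport"], dport)):
            return e["nat"]
    return None


def observed_ports():
    """Make a real loopback TCP connection; return (source port, destination port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # kernel assigns a free listening port
        srv.listen(1)
        dport = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", dport)) as client:
            # The client never chose its source port; the OS picked it.
            return client.getsockname()[1], dport


if __name__ == "__main__":
    sport, dport = observed_ports()
    print(f"client source port {sport}, destination port {dport}")
    for label, entries in (("source port 3001", PINNED), ("source port any", FIXED)):
        hit = translate(entries, "59.160.200.199", sport, 3001)
        outcome = f"forwarded to {hit[0]}:{hit[1]}" if hit else "no match, not forwarded"
        print(f"{label}: {outcome}")
```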