Hello all,

Objective - Connect to services from the Internet hosted on an internal
server assigned an RFC1918 address.

pfSense version 2.4.2-RELEASE-p1

I have followed the instructions listed here -
https://doc.pfsense.org/index.php/1:1_NAT

[Setup]

Firewall > Rules > WAN
protocol, source, port, destination, port, gateway, queue
IPv4, *, *, 192.168.1.10, *, *, none,

Firewall > NAT > 1:1

Interface, External IP, Internal IP, Destination IP
WAN, <carp_vip_ip>, 192.168.1.10, *

Problem: Packets returning from 192.168.1.10 stop at the 192.168.1 LAN side
of the pfSense server, never leaving the WAN side.

[TEST]

Internet Test Server initiates an SSH connection to the CARP VIP:  ssh
<carp_vip>

Packet Trace:

[TCPDUMP on the 192.168.1.10 Server] - SYN, SYN ACK

06:53:24.130161 IP <internet_test_server>.36896 > 192.168.1.10.22: Flags
[S], seq 650597210, win 29200, options [mss 1460,sackOK,TS val 953815939
ecr 0,nop,wscale 7], length 0
06:53:24.130227 IP 192.168.1.10.22 > <internet_test_server>.36896: Flags
[S.], seq 1752400391, ack 650597211, win 28960, options [mss 1460,sackOK,TS
val 20074848 ecr 953815939,nop,wscale 7], length 0

[TCPDUMP on the pfSense Server LAN side (em2)] - SYN, SYN ACK

06:53:25.351889 IP <internet_test_server>.36896 > 192.168.1.10.22: Flags
[S], seq 650597210, win 29200, options [mss 1460,sackOK,TS val 953815939
ecr 0,nop,wscale 7], length 0
06:53:25.353085 IP 192.168.1.10.22 > <internet_test_server>.36896: Flags
[S.], seq 1752400391, ack 650597211, win 28960, options [mss 1460,sackOK,TS
val 20074848 ecr 953815939,nop,wscale 7], length 0

[TCPDUMP on the pfSense Server WAN side (em1)] - SYN

06:53:25.351739 IP <internet_test_server>.36896 > <carp_vip>.22: Flags [S],
seq 650597210, win 29200, options [mss 1460,sackOK,TS val 953815939 ecr
0,nop,wscale 7], length 0

Problem Note: Packets are not getting forwarded from the LAN interface out
the WAN interface

Thanks in advance,

JD
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
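
The comparison of the three captures in the post can be done mechanically. The following is an added example, not part of the original post: it matches packets across capture points by TCP flags and sequence number, because 1:1 NAT rewrites addresses and the sequence number is assumed here to pass through the firewall unchanged. The capture text is constructed from the traces in the post; 203.0.113.5 (test server) and 198.51.100.7 (CARP VIP) are placeholder addresses, and `parse` and `locate_drop` are hypothetical helper names.

```python
import re

# tcpdump one-line TCP output: timestamp, src.port > dst.port, flags, seq
LINE = re.compile(
    r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\], seq (\d+)")

# Constructed sample lines modeled on the post's traces (placeholder addresses).
SYN = ("06:53:25.351889 IP 203.0.113.5.36896 > {dst}.22: "
       "Flags [S], seq 650597210, win 29200, length 0\n")
SYNACK = ("06:53:25.353085 IP 192.168.1.10.22 > 203.0.113.5.36896: "
          "Flags [S.], seq 1752400391, ack 650597211, win 28960, length 0\n")

CAPTURES = {
    "server": SYN.format(dst="192.168.1.10") + SYNACK,
    "pfsense_lan": SYN.format(dst="192.168.1.10") + SYNACK,
    "pfsense_wan": SYN.format(dst="198.51.100.7"),  # SYN only, as in the post
}

# Capture points in the order a reply travels from the server to the Internet.
RETURN_PATH = ["server", "pfsense_lan", "pfsense_wan"]


def parse(text):
    """Return {(flags, seq): (src, dst)} for each TCP packet in a capture."""
    packets = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            _, src, _, dst, _, flags, seq = m.groups()
            packets[(flags, int(seq))] = (src, dst)
    return packets


def locate_drop(captures, internal_ip, path=RETURN_PATH):
    """Map each reply sent by internal_ip to the first hop where it is
    missing, or None if it was seen at every capture point."""
    seen = {hop: parse(captures[hop]) for hop in path}
    result = {}
    for key, (src, _) in seen[path[0]].items():
        if src == internal_ip:
            result[key] = next((h for h in path if key not in seen[h]), None)
    return result


if __name__ == "__main__":
    for (flags, seq), hop in locate_drop(CAPTURES, "192.168.1.10").items():
        print(f"[{flags}] seq {seq}: first missing at {hop}")
```
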