OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: junglemattie on May 19, 2016, 03:57:20 pm

Title: [SOLVED] Port forward not working ( RDR )
Post by: junglemattie on May 19, 2016, 03:57:20 pm
Hi,

I seem to have run into a problem: I can't seem to get port forwarding (NAT RDR) working.

So let's say I have the following:

vip ip <--RDR NAT --> internal ip

When I create the forwarding rule for FTP, for example, I do see it listed as an RDR rule, but the rule doesn't seem to work.

pfctl -s nat shows:
No ALTQ support in kernel
ALTQ related functions disabled
no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on bce1_vlan3 inet from 127.0.0.0/8 to any port = isakmp -> 130.117.75.121 static-port
nat on bce1_vlan3 inet from 192.168.1.0/24 to any port = isakmp -> 130.117.75.121 static-port
nat on bce1_vlan3 inet from 10.0.0.0/24 to any port = isakmp -> 130.117.75.121 static-port
nat on bce1_vlan3 inet from 127.0.0.0/8 to any -> 130.117.75.121 port 1024:65535
nat on bce1_vlan3 inet from 192.168.1.0/24 to any -> 130.117.75.121 port 1024:65535
nat on bce1_vlan3 inet from 10.0.0.0/24 to any -> 130.117.75.121 port 1024:65535
nat on bce3_vlan200 inet from 127.0.0.0/8 to any port = isakmp -> 178.22.83.68 static-port
nat on bce3_vlan200 inet from 192.168.1.0/24 to any port = isakmp -> 178.22.83.68 static-port
nat on bce3_vlan200 inet from 10.0.0.0/24 to any port = isakmp -> 178.22.83.68 static-port
nat on bce3_vlan200 inet from 127.0.0.0/8 to any -> x.x.x.x port 1024:65535
nat on bce3_vlan200 inet from 192.168.1.0/24 to any -> x.x.x.x port 1024:65535
nat on bce3_vlan200 inet from 10.0.0.0/24 to any -> x.x.x.x port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
no rdr on bce0 proto tcp from any to (bce0) port = https
no rdr on bce0 proto tcp from any to (bce0) port = http
no rdr on bce0 proto tcp from any to (bce0) port = ssh
rdr on bce3_vlan200 inet proto tcp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148
rdr on bce3_vlan200 inet proto udp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148
rdr on bce3_vlan200 inet proto tcp from any to x.x.x.x port 1024:65535 -> 192.168.1.148

I also created an inbound rule to accept the FTP connection, but when I try the connection it doesn't work:

External connection:

tcpdump: listening on bce3_vlan200, link-type EN10MB (Ethernet), capture size 65535 bytes
15:56:12.182354 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 50, id 34416, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xdef5 (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758637770 ecr 0,sackOK,eol], length 0
15:56:14.188624 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 51, id 11713, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xd725 (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758639770 ecr 0,sackOK,eol], length 0
15:56:15.190539 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 51, id 29698, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xd33d (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758640770 ecr 0,sackOK,eol], length 0
15:56:16.191868 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 51, id 15010, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xcf55 (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758641770 ecr 0,sackOK,eol], length 0

Local connection:

# telnet 192.168.1.148 21
Trying 192.168.1.148...
Connected to 192.168.1.148.
Escape character is '^]'.
220 Welcome to the FTP server

Anyone know what I am doing wrong or what's up with the RDR option of PF?
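The rdr rules and the tcpdump capture in the post above can be checked against each other before guessing. The following is an added example (not from the original post, OPNsense or pf itself): it models pf's first-match lookup over the three bce3_vlan200 rdr rules shown and evaluates the captured SYN against them, which makes visible that "from any port = ftp" constrains the client's source port, so a connection from ephemeral port 54915 falls through to the 1024:65535 rule, whose destination range excludes port 21. The matcher is a deliberately simplified assumption: exact address comparison and plain port ranges, with no netmasks, tables or negation.

```python
import re
# rdr rules copied from the pfctl -s nat output above.
RDR_RULES = [
    "rdr on bce3_vlan200 inet proto tcp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148",
    "rdr on bce3_vlan200 inet proto udp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148",
    "rdr on bce3_vlan200 inet proto tcp from any to x.x.x.x port 1024:65535 -> 192.168.1.148",
]
# First SYN from the tcpdump capture above (client ephemeral port 54915 -> port 21).
CAPTURED_SYN = "149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xdef5 (correct), seq 4153531766"
SERVICES = {"ftp": 21, "ssh": 22, "http": 80, "https": 443}  # names pfctl prints for ports
RULE_RE = re.compile(
    r"rdr on (?P<iface>\S+) inet proto (?P<proto>tcp|udp) "
    r"from (?P<src>\S+)(?: port = (?P<sport>\S+))? "
    r"to (?P<dst>\S+)(?: port (?:= (?P<dport>\S+)|(?P<dlo>\d+):(?P<dhi>\d+)))? "
    r"-> (?P<target>\S+)")
FLOW_RE = re.compile(r"(\S+)\.(\d+) > (\S+)\.(\d+): ")

def _port(tok):
    return int(tok) if tok.isdigit() else SERVICES[tok]

def parse_rule(text):
    # Simplified pfctl rdr grammar (assumption): exact address or 'any', '= port' or 'lo:hi'.
    d = RULE_RE.fullmatch(text).groupdict()  # AttributeError if the line is outside the grammar
    if d["dport"]:
        dports = (_port(d["dport"]),) * 2
    else:
        dports = (int(d["dlo"]), int(d["dhi"])) if d["dlo"] else (0, 65535)
    return {"iface": d["iface"], "proto": d["proto"], "src": d["src"], "dst": d["dst"],
            "sport": _port(d["sport"]) if d["sport"] else None,
            "dports": dports, "target": d["target"]}

def flow_from_tcpdump(line):
    src, sport, dst, dport = FLOW_RE.search(line).groups()  # "src.sport > dst.dport: "
    return src, int(sport), dst, int(dport)

def rule_matches(rule, iface, proto, src, sport, dst, dport):
    if rule["iface"] != iface or rule["proto"] != proto:
        return False
    if rule["src"] not in ("any", src) or rule["dst"] not in ("any", dst):
        return False
    if rule["sport"] is not None and rule["sport"] != sport:
        return False  # 'from any port = ftp' pins the CLIENT's source port to 21
    lo, hi = rule["dports"]
    return lo <= dport <= hi

def first_rdr_match(rules, iface, proto, flow):
    # pf translation rules are first-match; returns the winning rule index or None.
    for i, rule in enumerate(rules):
        if rule_matches(rule, iface, proto, *flow):
            return i
    return None
```

Running the captured SYN through first_rdr_match returns None, while the same flow with source port 21 hits rule 0, which is the mismatch a source-port constraint on a forward rule produces.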
Title: Re: Port forward not working ( RDR )
Post by: junglemattie on May 20, 2016, 11:33:30 am
You can ignore this request, as I wasn't paying attention to my rulesets.
Title: Re: [SOLVED] Port forward not working ( RDR )
Post by: franco on May 20, 2016, 07:16:29 pm
Out of curiosity... what happened?