OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: SimpleRezo on February 22, 2017, 01:47:20 pm

Title: [SOLVED] [NAT] Port forwarding fail (17.1.1)
Post by: SimpleRezo on February 22, 2017, 01:47:20 pm
Hi,

I'm new to OPNSense and I have a problem with one of the NAT rules for port forwarding. Let me explain.

We have two Internet connections configured on PFSense: FTTH connection and SDSL connection. From LAN, all traffic goes to FTTH WAN (WAN group with FTTH in tier 1 and tier 2 for SDSL).

The problematic rule is:

Code:
Interface  Protocol  Source Address  Source Ports  Destination Address  Destination Ports  NAT IP        NAT Ports
WAN_FTTH   TCP       *               *             WAN_FTTH address     2212               192.168.3.12  22
WAN_SDSL   TCP       *               *             WAN_SDSL address     2212               192.168.3.12  22

On one of the two port forwarding rules, it fails:
From Internet : telnet 109.190.x.x 2212 -> Work
From Internet : telnet 92.169.x.x 2212 -> Fail

The current default gateway is 192.168.0.254 (SDSL modem), and when the default gateway is 192.168.1.1 (FTTH modem), the problem is the opposite:

From Internet : telnet 109.190.x.x 2212 -> Fail
From Internet : telnet 92.169.x.x 2212 -> Work

Specs and details:

Public FTTH IP: 92.169.x.x
Public SDSL IP: 109.190.x.x
OPNSense WAN FTTH: 192.168.1.10
OPNSense WAN SDSL: 192.168.0.64
OPNSense: 192.168.3.1
SSH server: 192.168.3.12

TCPDump on IGB2 (WAN SDSL), with SDSL as default gateway:
Code:
16:39:29.083394 IP 87.98.x.x.54998 > 192.168.0.64.2212: Flags [.], ack 1, win 1035, options [nop,nop,TS val 924972691 ecr 1172908574], length 0
16:39:29.094761 IP 192.168.0.64.2212 > 87.98.x.x.54998: Flags [P.], seq 1:63, ack 1, win 1035, options [nop,nop,TS val 1172908588 ecr 924972691], length 62

TCPDump on IGB1 (WAN FTTH), with SDSL as default gateway:
Code:
12:20:56.830552 IP 87.98.x.x.38399 > 192.168.1.10.2212: Flags [S], seq 1399476257, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 995860440 ecr 0], length 0
12:20:56.830798 IP 192.168.3.12.22 > 87.98.x.x.38399: Flags [S.], seq 460914668, ack 1399476258, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 496530993 ecr 995860440], length 0
=> I don't understand why the NAT is not "done" and the source IP of the response packet is 192.168.3.12 instead of 192.168.1.10.

I remain available if you have any questions!

Thanks in advance,

Regards,
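
The symptom in the FTTH capture above (a reply leaving the WAN interface with the internal server's address as source) can be checked for mechanically. The following is an added example, not part of the original post: the function name and result fields are hypothetical, and the capture lines are copied from the post with its redacted public addresses left as they are.

```python
import re

# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ..."
PKT = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def untranslated_replies(lines, wan_addr, wan_port, target_addr, target_port):
    """Return replies seen on a WAN capture that still carry the internal
    server's address instead of the WAN address (reverse NAT not applied)."""
    clients = set()   # (ip, port) of peers that contacted the forwarded port
    findings = []
    for line in lines:
        m = PKT.match(line.strip())
        if not m:
            continue  # not a TCP-over-IPv4 line in the expected text format
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if (dst, dport) == (wan_addr, wan_port):
            clients.add((src, sport))           # inbound hit on the port forward
        elif (dst, dport) in clients and (src, sport) == (target_addr, target_port):
            findings.append({
                "client": f"{dst}:{dport}",
                "seen_source": f"{src}:{sport}",
                "expected_source": f"{wan_addr}:{wan_port}",
                "flags": flags,
            })
    return findings

# Lines copied from the captures in the post (public addresses redacted there).
FTTH_CAPTURE = [
    "12:20:56.830552 IP 87.98.x.x.38399 > 192.168.1.10.2212: Flags [S], seq 1399476257, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 995860440 ecr 0], length 0",
    "12:20:56.830798 IP 192.168.3.12.22 > 87.98.x.x.38399: Flags [S.], seq 460914668, ack 1399476258, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 496530993 ecr 995860440], length 0",
]
SDSL_CAPTURE = [
    "16:39:29.083394 IP 87.98.x.x.54998 > 192.168.0.64.2212: Flags [.], ack 1, win 1035, options [nop,nop,TS val 924972691 ecr 1172908574], length 0",
    "16:39:29.094761 IP 192.168.0.64.2212 > 87.98.x.x.54998: Flags [P.], seq 1:63, ack 1, win 1035, options [nop,nop,TS val 1172908588 ecr 924972691], length 62",
]

if __name__ == "__main__":
    for name, cap, wan in (("WAN_FTTH", FTTH_CAPTURE, "192.168.1.10"),
                           ("WAN_SDSL", SDSL_CAPTURE, "192.168.0.64")):
        hits = untranslated_replies(cap, wan, 2212, "192.168.3.12", 22)
        print(name, "untranslated replies:", hits or "none")
```
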
Title: Re: [NAT] Port forwarding fail
Post by: harison on February 22, 2017, 02:18:36 pm
Hi! I have the same problem, but if possible, would you help me configure a port forward? I have a web server on the local network and I would like to allow access to it from the WAN.
Title: Re: [NAT] Port forwarding fail
Post by: djGrrr on February 23, 2017, 01:53:14 am
Please upgrade to the latest OPNsense (17.1.2), this _should_ fix this issue
Title: Re: [NAT] Port forwarding fail
Post by: SimpleRezo on February 24, 2017, 12:05:36 pm
Please upgrade to the latest OPNsense (17.1.2), this _should_ fix this issue
It works well! Thanks!