OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: namezero111111 on June 12, 2018, 06:07:20 pm

Title: [RESOLVED] Port Forward not working - reply with wrong source port?
Post by: namezero111111 on June 12, 2018, 06:07:20 pm
Dear folks,

I am not seeing this error right away. Trying to NAT and port forward with the following rule as attached.
WAN is 192.168.254.2/24 (NAT If)
LAN is 172.16.16.0/24 (Test If)

While the incoming request is seen, it seems like the outgoing reply is NATed separately with a wrong source port:

Code:
16:01:11.446958 IP 109.41.1.5.14631 > 192.168.254.2.8080: Flags [S], seq 568671719, win 14600, options [mss 1460,sackOK,TS val 460198899 ecr 0,nop,wscale 9], length 0
16:01:11.447756 IP 192.168.254.2.38922 > 109.41.1.5.14631: Flags [S.], seq 415419811, ack 568671720, win 14480, options [mss 1460,sackOK,TS val 190102564 ecr 460198899,nop,wscale 7], length 0
16:01:12.446936 IP 109.41.1.5.14631 > 192.168.254.2.8080: Flags [S], seq 568671719, win 14600, options [mss 1460,sackOK,TS val 460199899 ecr 0,nop,wscale 9], length 0
16:01:12.447656 IP 192.168.254.2.38922 > 109.41.1.5.14631: Flags [S.], seq 415419811, ack 568671720, win 14480, options [mss 1460,sackOK,TS val 190103563 ecr 460198899,nop,wscale 7], length 0
16:01:12.447755 IP 192.168.254.2.38922 > 109.41.1.5.14631: Flags [S.], seq 415419811, ack 568671720, win 14480, options [mss 1460,sackOK,TS val 190103564 ecr 460198899,nop,wscale 7], length 0
16:01:14.447865 IP 192.168.254.2.38922 > 109.41.1.5.14631: Flags [S.], seq 415419811, ack 568671720, win 14480, options [mss 1460,sackOK,TS val 190105564 ecr 460198899,nop,wscale 7], length 0

Hence, the connection never establishes.

Any idea how this could be misconfigured?

Title: Re: Port Forward not working - reply with wrong source port?
Post by: namezero111111 on June 12, 2018, 06:39:30 pm
The problem was an overlapping outbound NAT.
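
A way to spot the symptom from the first post in a tcpdump text capture, as an added example that is not part of the original thread: it pairs each SYN with the SYN-ACK that acknowledges it and reports replies whose source port differs from the port the client connected to. The function name, the regex and the sample handshake on 198.51.100.7 are assumptions made for this example.

```python
import re

# tcpdump one-line TCP format, as in the capture posted in the thread.
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)(?:, ack (?P<ack>\d+))?"
)

# First two lines come from the posted capture with TCP options trimmed;
# the last two are a constructed healthy handshake (documentation address).
SAMPLE = """\
16:01:11.446958 IP 109.41.1.5.14631 > 192.168.254.2.8080: Flags [S], seq 568671719, win 14600, length 0
16:01:11.447756 IP 192.168.254.2.38922 > 109.41.1.5.14631: Flags [S.], seq 415419811, ack 568671720, win 14480, length 0
16:02:00.000001 IP 198.51.100.7.40000 > 192.168.254.2.8080: Flags [S], seq 1000, win 14600, length 0
16:02:00.000900 IP 192.168.254.2.8080 > 198.51.100.7.40000: Flags [S.], seq 2000, ack 1001, win 14480, length 0
"""

def find_rewritten_replies(capture):
    """Return (server_ip, expected_port, actual_port, client_ip, client_port)
    for every SYN-ACK that answers a seen SYN from a different source port."""
    syns = {}       # (client_ip, client_port, server_ip, seq + 1) -> dest port
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = m.groupdict()
        if f["flags"] == "S":
            key = (f["src"], f["sport"], f["dst"], int(f["seq"]) + 1)
            syns[key] = int(f["dport"])
        elif f["flags"] == "S." and f["ack"]:
            # The SYN-ACK's ack number ties it to the SYN it answers.
            key = (f["dst"], f["dport"], f["src"], int(f["ack"]))
            expected = syns.get(key)
            actual = int(f["sport"])
            hit = (f["src"], expected, actual, f["dst"], int(f["dport"]))
            # Retransmitted SYN-ACKs produce the same tuple; report it once.
            if expected is not None and actual != expected and hit not in findings:
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for server, want, got, client, cport in find_rewritten_replies(SAMPLE):
        print(f"{server}: reply to {client}:{cport} left from port {got}, expected {want}")
```

A hit means the reply was translated by a rule other than the one that created the port-forward state, which is what an overlapping outbound NAT rule does.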