Messages

1

20.7 Legacy Series / Re: 20.7.4 - Port Forwarding issues

« on: November 14, 2020, 07:39:10 am »

* Klug über stupid.

I enabled the offload features, the three of them (while they are disabled by default).
Offload and virtIO don't match well.

Disabling them and rebooting the OPNsense fixed the NAT issue for 20.1.9 and 20.7.4.
It also fixed the thoughput issue with 20.7.4

2

20.7 Legacy Series / Re: 20.7.4 - Port Forwarding issues

« on: November 13, 2020, 06:44:38 pm »

Great.

Not working anymore after a firewall reboot.

3

Hardware and Performance / Re: Poor Throughput (Even On Same Network Segment)

« on: November 13, 2020, 06:13:43 pm »

I had throughput issues with 20.7.4 on Proxmox (6.2-last).
They were related to the "offload feature" enabled (I know, I'm stupid).
Once disabled, everything is OK, maxing out the link.

4

20.7 Legacy Series / Re: 20.7.4 - Port Forwarding issues

« on: November 13, 2020, 06:09:56 pm »

Port forward (the very same one) works out of the box with 20.1.9.

Also, there's no speed issue with this 20.1.9 : I'm maxing out the available bandwith with a simple wget (110 MBps).
In 20.7.4 I can't go beyond 45 KBps.

20.7.4 and KVM (Proxmox 6.2-15) don't seem to get along very well in my case.

5

20.7 Legacy Series / Re: 20.7.4 - Port Forwarding issues

« on: November 13, 2020, 01:35:25 pm »

Pretty sure the windows firewall is blocking the requests coming from outside of its own subnet.

If it was, it would log the discard packets, wouldn't it?
Nothing is logged.
Also, it doesn't work better with firewall disabled on the Windows VM.

But just to be sure, I setup a Linux VM on the same LAN, with the same OPNsense firewall.
Then setup another "port forward" NAT (5000 -> 22).
This one works (beside a huge speed issue).

I'll keep digging Windows VM side.

"port" forwarding ICMP to the Windows VM works.

6

20.7 Legacy Series / Re: 20.7.4 - Port Forwarding issues

« on: November 13, 2020, 11:48:34 am »

Same issue here with 20.7.4

Brand new OPNsense VM. DHCP server enabled (with one reservation).
Followed the exact steps of the guide but port forward does't seem to work (TCP 6666 ->  TCP 3389).

The target computer on the LAN gets its IP address (from DHCP) and can go online (through the OPNsense firewall).
Other computers on the LAN can connect to the target computer (TCP 3389).

The firewall of the target computer sees (and logs) access from other computers from the same LAN.
However it doesn't see anything (ie: it's not refusing/discardin packets, there's no packet) when connection comes from "outside" (through OPNsense).

Tried both an auto rule (WAN) and manual one, same issue.

pfTop show this when trying the connection (xxx.xxx.xxx.xxx is the public IP I'm trying to connect from, 192.168.55.12 is the target computer):

Code: [Select]

tcp       In  xxx.xxx.xxx.xxx:55458               192.168.55.12:3389                 SYN_SENT:ESTABLISHED  00:00:15  00:00:27       12      720
tcp       Out xxx.xxx.xxx.xxx:55458               192.168.55.12:3389              ESTABLISHED:SYN_SENT     00:00:15  00:00:27       12      720
Then after a few seconds:

Code: [Select]

tcp       In  xxx.xxx.xxx.xxx:55458               192.168.55.12:3389                 TIME_WAIT:TIME_WAIT  00:00:15  00:00:27       12      720
tcp       Out xxx.xxx.xxx.xxx:55458               192.168.55.12:3389              TIME_WAIT:TIME_WAIT     00:00:15  00:00:27       12      720