Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT port forward blocking just from a specific host in a specific condition
« previous
next »
Print
Pages: [
1
]
Author
Topic: NAT port forward blocking just from a specific host in a specific condition (Read 1020 times)
Ernesto Johann
Newbie
Posts: 4
Karma: 0
NAT port forward blocking just from a specific host in a specific condition
«
on:
June 08, 2023, 03:00:01 pm »
I'm using Opnsense last version:
OPNsense 23.1.9-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
(the problem below happened also in a previous version)
1- I have an Alias
IPSAllowed - list of host external IP's allowed
2-I have a NAT port forward rule
source - IPAllowed
source port - any
destination - WAN Address
destination port range - 20000 to 20000
Redirect target IP - 192.168.0.20
Redirect target port - MS RDP
The problem is:
From a lot of different hosts, If I try to access the port 20000,
I can.
BUT from a specific host, If I try to access the port 20000,
I can't !
If I change the NAT port forward rule, and put ANY in the source,
I can access from the specific host also !
Strange is:
1-The specific host IP it's in the Alias host list.
2-The outgoing port is open, because when the rule in Opnsense is ANY, I can access the port
3-The other Internet source hosts can access the port ,even the rule is applied to only hosts sources from the Alias host list
How can I diagnose the problem and solve ?
I did not find in opnsense logs the problem.
Where can I find it ?
Thank you
Logged
Patrick M. Hausen
Hero Member
Posts: 6826
Karma: 573
Re: NAT port forward blocking just from a specific host in a specific condition
«
Reply #1 on:
June 08, 2023, 03:04:08 pm »
Do a tcpdump on WAN for port 20000 and watch if the host in question really uses the IP address you think it does.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Ernesto Johann
Newbie
Posts: 4
Karma: 0
Re: NAT port forward blocking just from a specific host in a specific condition
«
Reply #2 on:
June 09, 2023, 03:25:19 pm »
Thank you pmhausen
With tcpdump I could find the problem
The problem was:
Using
https://whatismyipaddress.com/
in the source I got an external IP adddress
And with tcpdump -n in opnsense it what's displaying that the source was connecting using another external IP number !!!!
Then I allowed this IP and it works
Why
https://whatismyipaddress.com/
does not show the correct number ?
I tested also with
https://www.myip.com/
,
https://ipaddress.my/
,
https://nordvpn.com/pt-br/what-is-my-ip/
All gave me the wrong IP
I tried also in different browsers.
I will also ask to my ISP provider why this happening.
Thank you !!
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: NAT port forward blocking just from a specific host in a specific condition
«
Reply #3 on:
June 09, 2023, 03:32:01 pm »
Corporate machine running ms windows perhaps?
Logged
Ernesto Johann
Newbie
Posts: 4
Karma: 0
Re: NAT port forward blocking just from a specific host in a specific condition
«
Reply #4 on:
June 09, 2023, 03:45:29 pm »
The Source machine is a Home machine, running Windows 10 Home Single Language 22H2
The Destination machine is a Windows 10 Pro 22H2 in a business network with Opnsense as a firewall in the network
I always could connect
Last days ago I changed my internet fiber link ISP provider at home , and since then the sites below does Not show my real external IP address
https://whatismyipaddress.com/
https://whatismyipaddress.com/
https://www.myip.com/
https://ipaddress.my/
https://nordvpn.com/pt-br/what-is-my-ip/
It shows 177.xxx.xxx.xxx (I wrote xxx to not show the real numbers)
I have to use tcpdump -n in opnsense to get my real source IP Address
Tcpdump -n shows 100.xxx.xxx.xxx
Logged
Ernesto Johann
Newbie
Posts: 4
Karma: 0
Re: NAT port forward blocking just from a specific host in a specific condition
«
Reply #5 on:
June 09, 2023, 04:27:34 pm »
Solved - I don't know my, but while my ISP what giving me an Dynamic Internet IP, the IP in source was one and in opnsense tcpdump was another.
MY ISP fixed my external IP , and know tcpdump shows me the same number that I got in the source with
www.myip.com
(I allways have used dynamic Ip's, and it was the fist time I saw this strange behaviour)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
NAT port forward blocking just from a specific host in a specific condition