[SOLVED] Port forward not working ( RDR )
Topic: [SOLVED] Port forward not working ( RDR ) (Read 8041 times)
junglemattie
[SOLVED] Port forward not working ( RDR )
« on: May 19, 2016, 03:57:20 pm »
Hi,
I seem to have run into a problem that I can't seem to be able to get port forwarding ( NAT RDR ) working.
So let's say I have the following:
vip ip <--RDR NAT --> internal ip
When I create the forwarding rule for FTP, for example, I do see it listed as an RDR rule, but the rule doesn't seem to work.
pfctl -s nat shows:
No ALTQ support in kernel
ALTQ related functions disabled
no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on bce1_vlan3 inet from 127.0.0.0/8 to any port = isakmp -> 130.117.75.121 static-port
nat on bce1_vlan3 inet from 192.168.1.0/24 to any port = isakmp -> 130.117.75.121 static-port
nat on bce1_vlan3 inet from 10.0.0.0/24 to any port = isakmp -> 130.117.75.121 static-port
nat on bce1_vlan3 inet from 127.0.0.0/8 to any -> 130.117.75.121 port 1024:65535
nat on bce1_vlan3 inet from 192.168.1.0/24 to any -> 130.117.75.121 port 1024:65535
nat on bce1_vlan3 inet from 10.0.0.0/24 to any -> 130.117.75.121 port 1024:65535
nat on bce3_vlan200 inet from 127.0.0.0/8 to any port = isakmp -> 178.22.83.68 static-port
nat on bce3_vlan200 inet from 192.168.1.0/24 to any port = isakmp -> 178.22.83.68 static-port
nat on bce3_vlan200 inet from 10.0.0.0/24 to any port = isakmp -> 178.22.83.68 static-port
nat on bce3_vlan200 inet from 127.0.0.0/8 to any -> x.x.x.x port 1024:65535
nat on bce3_vlan200 inet from 192.168.1.0/24 to any -> x.x.x.x port 1024:65535
nat on bce3_vlan200 inet from 10.0.0.0/24 to any -> x.x.x.x port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
no rdr on bce0 proto tcp from any to (bce0) port = https
no rdr on bce0 proto tcp from any to (bce0) port = http
no rdr on bce0 proto tcp from any to (bce0) port = ssh
rdr on bce3_vlan200 inet proto tcp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148
rdr on bce3_vlan200 inet proto udp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148
rdr on bce3_vlan200 inet proto tcp from any to x.x.x.x port 1024:65535 -> 192.168.1.148
Also created an inbound rule to accept the FTP connection, but when I try the connection it doesn't work:
External connection:
tcpdump: listening on bce3_vlan200, link-type EN10MB (Ethernet), capture size 65535 bytes
15:56:12.182354 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 50, id 34416, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xdef5 (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758637770 ecr 0,sackOK,eol], length 0
15:56:14.188624 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 51, id 11713, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xd725 (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758639770 ecr 0,sackOK,eol], length 0
15:56:15.190539 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 51, id 29698, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xd33d (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758640770 ecr 0,sackOK,eol], length 0
15:56:16.191868 80:71:1f:c0:84:b2 > 10:60:4b:af:d2:96, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 51, id 15010, offset 0, flags [DF], proto TCP (6), length 64)
    149.235.255.3.54915 > x.x.x.x.21: Flags , cksum 0xcf55 (correct), seq 4153531766, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 758641770 ecr 0,sackOK,eol], length 0
Local connection:
# telnet 192.168.1.148 21
Trying 192.168.1.148...
Connected to 192.168.1.148.
Escape character is '^]'.
220 Welcome to the FTP server
Anyone know what I am doing wrong or what's up with the RDR option of PF?
« Last Edit: May 20, 2016, 06:38:39 pm by AdSchellevis »
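An added example, not part of the original posts and not OPNsense or pf code: a simplified matcher that tests the three rdr rules from the listing above against the packet seen in the capture. It handles only the rule shapes shown in this listing; `PACKET`, `SERVICES` and the function names are illustrative assumptions.

```python
import re

# The three rdr lines from the `pfctl -s nat` listing in the post above.
RDR_RULES = """\
rdr on bce3_vlan200 inet proto tcp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148
rdr on bce3_vlan200 inet proto udp from any port = ftp to x.x.x.x port = ftp -> 192.168.1.148
rdr on bce3_vlan200 inet proto tcp from any to x.x.x.x port 1024:65535 -> 192.168.1.148
"""
# Constructed from the first packet in the capture (x.x.x.x is the redacted VIP).
PACKET = {"ifname": "bce3_vlan200", "proto": "tcp", "dst": "x.x.x.x",
          "sport": 54915, "dport": 21}

SERVICES = {"ftp": 21}  # only the service name this listing uses
RULE_RE = re.compile(
    r"rdr on (?P<ifname>\S+) inet proto (?P<proto>\S+) "
    r"from any(?: port (?P<sport>(?:= )?\S+))? "
    r"to (?P<dst>\S+)(?: port (?P<dport>(?:= )?\S+))? -> (?P<target>\S+)")

def port_range(spec):
    """'= ftp' or '1024:65535' -> (low, high); None means any port."""
    if spec is None:
        return None
    spec = spec.lstrip("= ")
    if ":" in spec:
        low, high = spec.split(":")
        return int(low), int(high)
    port = SERVICES[spec] if spec in SERVICES else int(spec)
    return port, port

def mismatches(rule, pkt):
    """Reasons `rule` would not translate `pkt`; an empty list means it matches."""
    reasons = [k for k in ("ifname", "proto", "dst") if rule[k] != pkt[k]]
    for field in ("sport", "dport"):
        rng = port_range(rule[field])
        if rng and not rng[0] <= pkt[field] <= rng[1]:
            reasons.append(f"{field} {pkt[field]} not in {rng[0]}:{rng[1]}")
    return reasons

def check(rules_text, pkt):
    """Return [(rule line, mismatch reasons)] for every rdr line that parses."""
    out = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            out.append((line, mismatches(m.groupdict(), pkt)))
    return out

if __name__ == "__main__":
    for line, reasons in check(RDR_RULES, PACKET):
        print("match   " if not reasons else "no match", line, reasons)
```

For this packet none of the three rules matches: the first two require source port 21 while the client connects from 54915, and the third only covers destination ports 1024:65535.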
junglemattie
Re: Port forward not working ( RDR )
« Reply #1 on: May 20, 2016, 11:33:30 am »
You can ignore this request, as I wasn't paying attention to my rulesets.
franco
Re: [SOLVED] Port forward not working ( RDR )
« Reply #2 on: May 20, 2016, 07:16:29 pm »
Out of curiosity... what happened?