
Solved Port forwarding in a dual wan setup is not possible from the internet gateway

Zoltán Kiss

New Member


Messages: 6

#1
Hi!

Port forwarding is not working as expected in the following setup. Connection is always timing out.
My provider is detecting the incoming traffic; it seems there is no issue there.

However, when I try to connect like the following from the TestPC to the Server behind MyRouter
it is working without any problem, port will be forwarded and connection establishes:

Provider_gateway(192.168.3.254)
|
|
|
Switch-------------------TestPC(192.168.3.33)
|
|
MyRouter(192.168.3.24)
|
|
Server(192.168.1.111)

If the connection is initiated from the internet -> through a public IP and open port -> to the Provider_gateway,
it is timing out... Why is that?

I've tried to implement the following rule to place load-balancing out of order for the server:
pass in quick on em1 proto tcp from $server route-to $wan_if $wan_gw
--doesn't work.

Here is the complete related configuration:
Code:
int_if = "{ em1 em2 }"
ext_if = "{ em0 em3 }"

lan_if = "em1"
lan_net = "192.168.1.0/24"

lan2_if = "em2"
lan2_net = "192.168.2.0/24"

wan_if = "em0"
wan_gw = "192.168.3.254"

wan2_if = "em3"
wan2_gw = "123.123.123.123"

server = "192.168.1.111"
pc = "192.168.1.23"

set block-policy drop
set loginterface egress
set skip on lo0

block all

pass in quick on em0 proto tcp from any to (em0) port 5000 rdr-to $server port 22
pass out quick on em1 proto tcp from any to $server

match out on $wan_if from $lan_net nat-to ($wan_if)
match out on $wan_if from $lan2_net nat-to ($wan_if)
match out on $wan2_if from $lan_net nat-to ($wan2_if)
match out on $wan2_if from $lan2_net nat-to ($wan2_if)

pass in on $lan_if from $lan_net route-to { ($wan_if $wan_gw) weight 1, ($wan2_if $wan2_gw) weight 15 } round-robin
pass in on $lan2_if from $lan2_net route-to { ($wan_if $wan_gw) weight 1, ($wan2_if $wan2_gw) weight 15 } round-robin

pass out on $ext_if

pass out on $wan_if from $wan2_if route-to ($wan2_if $wan2_gw)
pass out on $wan2_if from $wan_if route-to ($wan_if $wan_gw)

pass in proto tcp from $lan_net to $lan_if
pass in proto udp from $lan_net to $lan_if

pass in proto tcp from $lan2_net to $lan2_if
pass in proto udp from $lan2_net to $lan2_if

pass in on $lan_if from $lan_if:network to $lan2_if:network
pass out on $lan2_if from $lan_if:network to $lan2_if:network

pass in on $lan_if from $pc to $lan_if
Thanks in advance!
 

Zoltán Kiss

New Member


Messages: 6

#2
In case somebody needs the solution:

Code:
pass out quick on em1 proto tcp from any to $server
block log on $ext_if all
match in on $wan_if proto tcp from any to 192.168.3.24 port 5000 rdr-to $server port 22
pass in on $wan_if proto tcp from any to $server port 22 reply-to ($wan_if $wan_gw) set prio 7
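
Added example, not part of the thread: `reply-to` in the rule above tells pf to send a stateful connection's replies back out through the named interface and gateway (pf.conf(5) describes this as symmetric routing enforcement for hosts with multiple external connections). The Python code below checks for the condition that option addresses by comparing the WAN interface a forwarded connection's SYN arrived on with the one its SYN-ACK left on; the `Pkt` record layout, `classify_flows` and the sample packets are assumptions of this example, and the sample data is constructed.

```python
"""Added example: detect asymmetric replies on a dual-WAN port forward."""
from collections import namedtuple

# One observed packet. Records like these could be distilled from per-interface
# captures; the field layout is an assumption of this example.
Pkt = namedtuple("Pkt", "iface direction src sport dst dport flags")

WAN_IFS = {"em0", "em3"}  # the ext_if macro from the thread's pf.conf

# Constructed sample data, not real captures. 203.0.113.x are documentation
# addresses standing in for internet clients.
SAMPLE = [
    Pkt("em0", "in", "203.0.113.7", 51000, "192.168.3.24", 5000, "S"),
    Pkt("em3", "out", "192.168.3.24", 5000, "203.0.113.7", 51000, "SA"),
    Pkt("em0", "in", "203.0.113.9", 40222, "192.168.3.24", 5000, "S"),
    Pkt("em0", "out", "192.168.3.24", 5000, "203.0.113.9", 40222, "SA"),
    Pkt("em0", "in", "203.0.113.11", 33333, "192.168.3.24", 5000, "S"),
]


def classify_flows(packets, wan_ifs=WAN_IFS):
    """Return {(client_ip, client_port): verdict} for inbound connections.

    verdict is "symmetric", "asymmetric via <if>" or "no reply seen".
    Flows are keyed on the client endpoint only, so the check does not depend
    on which source address the reply carries after translation.
    """
    syn_iface = {}
    verdict = {}
    for p in packets:
        if p.iface not in wan_ifs:
            continue  # LAN-side packets say nothing about the WAN path
        if p.direction == "in" and p.flags == "S":
            key = (p.src, p.sport)
            syn_iface[key] = p.iface
            verdict.setdefault(key, "no reply seen")
        elif p.direction == "out" and p.flags == "SA":
            key = (p.dst, p.dport)
            if key in syn_iface:
                same = p.iface == syn_iface[key]
                verdict[key] = "symmetric" if same else f"asymmetric via {p.iface}"
    return verdict


if __name__ == "__main__":
    for flow, result in classify_flows(SAMPLE).items():
        print(flow, result)
```

A flow reported as "asymmetric via em3" is one whose reply left through the second WAN link; "no reply seen" means the SYN reached the router but no SYN-ACK was observed leaving either WAN interface.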
 