Solved Port forwarding in a dual wan setup is not possible from the internet gateway

Z

Zoltán Kiss

Hi!

Port forwarding is not working as expected in the following setup. Connection is always timing out.
My provider is detecting the incoming traffic, it seams no issue there.

However, when I try to connect like the following from the TestPC to the Server behind MyRouter
it is working without any problem, port will be forwarded and connection establishes:

Provider_gateway(192.168.3.254)
|
|
|
Switch-------------------TestPC(192.168.3.33)
|
|
MyRouter(192.168.3.24)
|
|
Server(192.168.1.111)

If the connection initiated from the internet -> through a public IP and open port -> to the Provider_gateway,
it is timing out... Why is that?

I've tried to implement the following rule to place load-balancing out of order for the server:
pass in quick on em1 proto tcp from $server route-to $wan_if $wan_gw
--doesn't work.

Here is the complete related configuration:
Code: 
int_if = "{ em1 em2 }"
ext_if = "{ em0 em3 }"

lan_if = "em1"
lan_net = "192.168.1.0/24"

lan2_if = "em2"
lan2_net = "192.168.2.0/24"

wan_if = "em0"
wan_gw = "192.168.3.254"

wan2_if = "em3"
wan2_gw = "123.123.123.123"

server = "192.168.1.111"
pc = "192.168.1.23"

set block-policy drop
set loginterface egress
set skip on lo0

block all

pass in quick on em0 proto tcp from any to (em0) port 5000 rdr-to $server port 22
pass out quick on em1 proto tcp from any to $server

match out on $wan_if from $lan_net nat-to ($wan_if)
match out on $wan_if from $lan2_net nat-to ($wan_if)
match out on $wan2_if from $lan_net nat-to ($wan2_if)
match out on $wan2_if from $lan2_net nat-to ($wan2_if)

pass in on $lan_if from $lan_net route-to { ($wan_if $wan_gw) weight 1, ($wan2_if $wan2_gw) weight 15 } round-robin
pass in on $lan2_if from $lan2_net route-to { ($wan_if $wan_gw) weight 1, ($wan2_if $wan2_gw) weight 15 } round-robin

pass out on $ext_if

pass out on $wan_if from $wan2_if route-to ($wan2_if $wan2_gw)
pass out on $wan2_if from $wan_if route-to ($wan_if $wan_gw)

pass in proto tcp from $lan_net to $lan_if
pass in proto udp from $lan_net to $lan_if

pass in proto tcp from $lan2_net to $lan2_if
pass in proto udp from $lan2_net to $lan2_if

pass in on $lan_if from $lan_if:network to $lan2_if:network
pass out on $lan2_if from $lan_if:network to $lan2_if:network

pass in on $lan_if from $pc to $lan_if
Thanks in advance!
 
In case somebody needs the solution:

Code: 
pass out quick on em1 proto tcp from any to $server
block log on $ext_if all
match in on $wan_if proto tcp from any to 192.168.3.24 port 5000 rdr-to $server port 22
pass in on $wan_if proto tcp from any to $server port 22 reply-to ($wan_if $wan_gw) set prio 7
 
are you sure freebsd supports round robin weighted?? The is no reference in the man pages,
and my rule gives me a syntax error:

pass in on $int_if from $int_if:network route-to { ($ext_if $ext_gw) weight 1, ($ext_if2 $ext_gw2) weight 15 } round-robin
 
I think the are some core differences between OpenBSD pf and the FreeBSD's one...

OpenBSD man page pf.conf(5) confirm that, you can use weight in OpenBSD, not mentioned in pf.conf(5) FreeBSD man page
 
FreeBSD's PF is based on the version of PF from OpenBSD 4.1.
 
You must log in or register to reply here.
Back
Top