Hi!
Port forwarding is not working as expected in the following setup. The connection always times out.
My provider is detecting the incoming traffic; it seems there is no issue there.
However, when I connect from the TestPC to the Server behind MyRouter as shown below,
it works without any problem; the port is forwarded and the connection is established:
Provider_gateway(192.168.3.254)
|
|
|
Switch-------------------TestPC(192.168.3.33)
|
|
MyRouter(192.168.3.24)
|
|
Server(192.168.1.111)
If the connection is initiated from the internet -> through a public IP and open port -> to the Provider_gateway,
it times out... Why is that?
I've tried to implement the following rule to disable load balancing for the server:
pass in quick on em1 proto tcp from $server route-to $wan_if $wan_gw
-- it doesn't work.
Here is the complete related configuration:
Code:
int_if = "{ em1 em2 }"
ext_if = "{ em0 em3 }"
lan_if = "em1"
lan_net = "192.168.1.0/24"
lan2_if = "em2"
lan2_net = "192.168.2.0/24"
wan_if = "em0"
wan_gw = "192.168.3.254"
wan2_if = "em3"
wan2_gw = "123.123.123.123"
server = "192.168.1.111"
pc = "192.168.1.23"
set block-policy drop
set loginterface egress
set skip on lo0
block all
pass in quick on em0 proto tcp from any to (em0) port 5000 rdr-to $server port 22
pass out quick on em1 proto tcp from any to $server
match out on $wan_if from $lan_net nat-to ($wan_if)
match out on $wan_if from $lan2_net nat-to ($wan_if)
match out on $wan2_if from $lan_net nat-to ($wan2_if)
match out on $wan2_if from $lan2_net nat-to ($wan2_if)
pass in on $lan_if from $lan_net route-to { ($wan_if $wan_gw) weight 1, ($wan2_if $wan2_gw) weight 15 } round-robin
pass in on $lan2_if from $lan2_net route-to { ($wan_if $wan_gw) weight 1, ($wan2_if $wan2_gw) weight 15 } round-robin
pass out on $ext_if
pass out on $wan_if from $wan2_if route-to ($wan2_if $wan2_gw)
pass out on $wan2_if from $wan_if route-to ($wan_if $wan_gw)
pass in proto tcp from $lan_net to $lan_if
pass in proto udp from $lan_net to $lan_if
pass in proto tcp from $lan2_net to $lan2_if
pass in proto udp from $lan2_net to $lan2_if
pass in on $lan_if from $lan_if:network to $lan2_if:network
pass out on $lan2_if from $lan_if:network to $lan2_if:network
pass in on $lan_if from $pc to $lan_if
Thanks in advance!