I've just realised that the port forwarding feature on the legacy RSA nodes - <os>-<location>.cryptostorm.net - doesn't seem to be functional. The setup page at http://10.31.33.7/fwd is there and appears to set the mapping (even complaining when you try to set the mapping twice) but telnetting to the port from an outside network garners no response whatsoever.
Previously there would be an acknowledgement that the port was open (from telnet and in the logs of my BitTorrent client) but now there is nothing. Was something lost during the upgrade?
[SOLVED] Port Forwarding On Legacy Nodes: Broken?
[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?
That's odd, they should still work. Only node that had port fwding broken is the new Hong Kong one because I forgot to put the port fwding scripts there :x
Just uploaded/configured them though, so it should work there now.
Can you connect to a node and let me know what node you're on, then enable port fwding for a specific port, then let me know what port you picked? With that info I can look at the iptables rules that get created for the fwding and see if anything's amiss.
It should work though, there's even some code in there for several different things that could potentially go wrong with the setup, and for that it spits out an error then emails me about the error.
[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?
@df
I'm currently on 128.127.104.111, port number 45886. Try telnetting to it and see if you get a response.
[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?
I can't telnet to it, but the port fwding rules are there:
DNAT tcp -- 0.0.0.0/0 128.127.104.111 tcp dpt:45886 to:10.66.216.32:45886
DNAT udp -- 0.0.0.0/0 128.127.104.111 udp dpt:45886 to:10.66.216.32:45886
Are you sure you've got something listening on port 45886 on your system? It would need to be bound to either 0.0.0.0 (any/all IPs) or 10.66.216.32
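The check described in the post above (each DNAT target needs a listener bound to the wildcard address or to the VPN client IP), as an added example that is not part of the original thread or cryptostorm's scripts. The `ss -H -lntu` sample is constructed, and the function names are hypothetical.

```python
import re

# DNAT rules as quoted in the post above.
DNAT_RULES = """\
DNAT tcp -- 0.0.0.0/0 128.127.104.111 tcp dpt:45886 to:10.66.216.32:45886
DNAT udp -- 0.0.0.0/0 128.127.104.111 udp dpt:45886 to:10.66.216.32:45886
"""

# Constructed sample of `ss -H -lntu` output on the VPN client (not from the thread).
SS_SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:45886 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:45886 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

DNAT_RE = re.compile(r"^DNAT\s+(tcp|udp)\s.*\bdpt:(\d+)\s+to:([\d.]+):(\d+)\s*$")
# Assumption: "::" and "*" also accept IPv4 (dual-stack default on Linux).
WILDCARDS = {"0.0.0.0", "*", "::"}

def parse_dnat(text):
    """Yield (proto, public_port, target_ip, target_port) per DNAT line."""
    for line in text.splitlines():
        m = DNAT_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def parse_listeners(text):
    """Return a set of (proto, local_ip, port) from `ss -H -lntu` output."""
    found = set()
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue
        addr, _, port = cols[4].rpartition(":")  # column 5 is Local Address:Port
        if port.isdigit():
            found.add((cols[0], addr.strip("[]"), int(port)))
    return found

def check_forwards(dnat_text, ss_text):
    """Map each forward to 'ok', 'wrong-bind' or 'no-listener'."""
    listeners = parse_listeners(ss_text)
    result = {}
    for proto, _public_port, ip, port in parse_dnat(dnat_text):
        binds = {a for p, a, n in listeners if p == proto and n == port}
        if binds & (WILDCARDS | {ip}):
            result[(proto, ip, port)] = "ok"
        else:
            # A listener on another address only (e.g. loopback) never sees forwarded traffic.
            result[(proto, ip, port)] = "wrong-bind" if binds else "no-listener"
    return result
```

A result of "ok" only confirms the bind address; a firewall between the VPN interface and the listener can still drop the forwarded traffic.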
[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?
@df
Yep, I have a NAT hole punched in my pfSense firewall for the VPN client address (10.66.216.32) which is in turn forwarded to the VM running my BitTorrent client (which is listening on 45886). Weird - it definitely worked before the upgrade (I checked it with telnet from an outside network).
I'll dig into it more and try to see where the issue is.
[SOLVED] Re: Port Forwarding On Legacy Nodes: Broken?
@df
Found it.
In pfSense on the Port Forwarding page, simply creating the rule isn't enough. There's a field near the bottom of the page which says "Filter rule association". The default selection for this is "None" (no doubt for security reasons). To make the rule active, one needs to select "Pass".
