[SOLVED] Port Forwarding On Legacy Nodes: Broken?

Post by parityboy » Thu Oct 25, 2018 11:39 pm

I've just realised that the port forwarding feature on the legacy RSA nodes - <os>-<location>.cryptostorm.net - doesn't seem to be functional. The setup page at http://10.31.33.7/fwd is there and appears to set the mapping (even complaining when you try to set the mapping twice) but telnetting to the port from an outside network garners no response whatsoever.

Previously there would be an acknowledgement that the port was open (from telnet and in the logs of my BitTorrent client) but now there is nothing. Was something lost during the upgrade?

Post by df » Fri Oct 26, 2018 12:58 am

That's odd, they should still work. Only node that had port fwding broken is the new Hong Kong one because I forgot to put the port fwding scripts there :x
Just uploaded/configured them though, so it should work there now.

Can you connect to a node and let me know what node you're on, then enable port fwding for a specific port, then let me know what port you picked? With that info I can look at the iptables rules that get created for the fwding and see if anything's amiss.
It should work though, there's even some code in there for several different things that could potentially go wrong with the setup, and for that it spits out an error then emails me about the error.

Post by parityboy » Fri Oct 26, 2018 4:23 pm

@df

I'm currently on 128.127.104.111, port number 45886. Try telnetting to it and see if you get a response.

Post by df » Fri Oct 26, 2018 4:28 pm

I can't telnet to it, but the port fwding rules are there:
DNAT tcp -- 0.0.0.0/0 128.127.104.111 tcp dpt:45886 to:10.66.216.32:45886
DNAT udp -- 0.0.0.0/0 128.127.104.111 udp dpt:45886 to:10.66.216.32:45886

Are you sure you've got something listening on port 45886 on your system? It would need to be bound to either 0.0.0.0 (any/all IPs) or 10.66.216.32.
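The check asked for in the post above, as an added example that is not part of the original thread or cryptostorm's own scripts: it parses the quoted DNAT rules and compares each forward target against a listener table. The listener sample is constructed, and its `proto address:port` layout is an assumption (a simplified form of what `ss -lntu` reports).

```python
import re

# DNAT rule lines as quoted in the post above.
DNAT_RULES = """\
DNAT tcp -- 0.0.0.0/0 128.127.104.111 tcp dpt:45886 to:10.66.216.32:45886
DNAT udp -- 0.0.0.0/0 128.127.104.111 udp dpt:45886 to:10.66.216.32:45886
"""

# Constructed sample (not from the thread): listening sockets on the client.
LISTENERS = """\
tcp 127.0.0.1:45886
udp 0.0.0.0:45886
tcp 0.0.0.0:22
"""

RULE_RE = re.compile(
    r"^DNAT\s+(tcp|udp)\s+--\s+\S+\s+(\S+)\s+\1\s+dpt:(\d+)\s+to:([\d.]+):(\d+)$")

def parse_dnat(text):
    """Return (proto, public_ip, public_port, target_ip, target_port) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            proto, pub_ip, dport, tgt_ip, tgt_port = m.groups()
            rules.append((proto, pub_ip, int(dport), tgt_ip, int(tgt_port)))
    return rules

def parse_listeners(text):
    """Return a set of (proto, bind_address, port) from 'proto addr:port' lines."""
    found = set()
    for line in text.splitlines():
        if line.strip():
            proto, local = line.split()
            addr, _, port = local.rpartition(":")
            found.add((proto, addr, int(port)))
    return found

def check_forwards(rules_text, listeners_text):
    """Map each forward target to True if a listener can accept it."""
    listeners = parse_listeners(listeners_text)
    report = {}
    for proto, _pub_ip, _dport, tgt_ip, tgt_port in parse_dnat(rules_text):
        # Reachable only if bound to the wildcard or to the DNAT target itself.
        report[(proto, tgt_ip, tgt_port)] = any(
            p == proto and port == tgt_port and addr in ("0.0.0.0", tgt_ip)
            for p, addr, port in listeners)
    return report

if __name__ == "__main__":
    for target, ok in check_forwards(DNAT_RULES, LISTENERS).items():
        print(target, "listener OK" if ok else "NO reachable listener")
```

A pass here only covers the host that holds the DNAT target address; a firewall or NAT hop between that address and the real service still has to pass the traffic.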

Post by parityboy » Sat Oct 27, 2018 6:05 am

@df

Yep, I have a NAT hole punched in my pfSense firewall for the VPN client address (10.66.216.32) which is in turn forwarded to the VM running my BitTorrent client (which is listening on 45886). Weird - it definitely worked before the upgrade (I checked it with telnet from an outside network).

I'll dig into it more and try to see where the issue is.

Post by parityboy » Sat Oct 27, 2018 7:58 am

@df

Found it. :D In pfSense on the Port Forwarding page, simply creating the rule isn't enough. There's a field near the bottom of the page which says "Filter rule association". The default selection for this is "None" (no doubt for security reasons). To make the rule active, one needs to select "Pass".

