Friday, January 15, 2021

Strange NAT issue occurring on a single VM, need some insights (tcpdump included)

This is now solved!

Hi everyone!

My server recently had a fit, and now one of my Ubuntu VMs is acting strangely. I am unable to make a NAT'ed connection over a site-to-site VPN that worked just fine prior to this, and I hope someone can shed some light on where the problem might be.

Setup is as follows:

155.55.55.55 (fake) - Public IP of remote side on site-to-site LAN

10.20.0.1 - IP of router/default gateway on remote side of site-to-site VPN.

192.168.0.1 - IP of device setting up local bridging of site-to-site VPN.

10.20.0.203 - IP on site-to-site LAN

Prior to my server having a fit, I had a working forward from 155.55.55.55:80 to 10.20.0.203:80.

The forward would work as follows: Device (pfSense) with 155.55.55.55 on its WAN interface (10.20.0.1 on a LAN interface) is configured to forward port 80 to 10.20.0.203, which is an Ubuntu VM that resides in said LAN, but on the other side of the site-to-site VPN. The bridging to the remote side of the LAN is performed by a pfSense instance as well.

The bridge works just as expected, and is described so you have an idea of the setup.

The problem arises when I attempt to do a NAT from the remote public IP: 155.55.55.55 (80) -> 10.20.0.203 (80)

When I attempt to connect to the public IP on port 80, the forward works just fine towards 10.20.0.203 (80). The problem is that the Ubuntu VM doesn't ACK the TCP connection, leading to timeouts. You can see an image showing this here: https://i.imgur.com/Ita4b60.png

This is a tcpdump performed on the Ubuntu VM that is the destination of the forward. It shows that a telnet connection attempt actually reaches the VM, which has netcat listening on port 80 (the big blue bar is my public IP that I am trying to access the forward from; on the right you can see it hits *.http, which is port 80). None of the SYNs are ACKed, and I do not understand why.

Here is another dump from a host on the remote side LAN (10.20.0.151) connecting with telnet successfully: https://i.imgur.com/p2Y0blq.png

I have ruled out the port forward as an issue, as it works just fine with another freshly installed, otherwise identical Ubuntu VM. Does anyone have experience with this and can guide me on how I should go about diagnosing it?
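One way to confirm from a tcpdump text capture which clients' SYNs went unanswered by the VM, as an added example that is not part of the original post; the capture lines below are constructed to mirror the two dumps described, with 203.0.113.5 standing in as a placeholder for the poster's public IP.

```python
import re
from collections import defaultdict

# Matches the tcpdump one-line format (without -n, ports may appear as names such as "http"), e.g.
#   "12:00:01.000001 IP 203.0.113.5.51234 > 10.20.0.203.http: Flags [S], seq 1, win 64240, length 0"
LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\w+) > (?P<dst>[\d.]+)\.(?P<dport>\w+): Flags \[(?P<flags>[^\]]*)\]"
)

def unanswered_syns(lines, listen_port="http"):
    """Return {(client_ip, client_port): syn_count} for every client flow that sent
    SYNs to listen_port without ever receiving a SYN-ACK (Flags [S.]) back."""
    syns = defaultdict(int)
    answered = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP summary line (ARP, ICMP, continuation lines, ...)
        flags = m["flags"]
        if m["dport"] == listen_port and flags == "S":
            syns[(m["src"], m["sport"])] += 1
        elif m["sport"] == listen_port and flags == "S.":
            answered.add((m["dst"], m["dport"]))  # SYN-ACK goes back to the client tuple
    return {flow: n for flow, n in syns.items() if flow not in answered}

# Constructed capture: a forwarded client from the internet retries its SYN three times with
# no reply, while a LAN host (10.20.0.151) completes its handshake normally.
SAMPLE_CAPTURE = [
    "12:00:01.000001 IP 203.0.113.5.51234 > 10.20.0.203.http: Flags [S], seq 1, win 64240, length 0",
    "12:00:02.000001 IP 203.0.113.5.51234 > 10.20.0.203.http: Flags [S], seq 1, win 64240, length 0",
    "12:00:04.000001 IP 203.0.113.5.51234 > 10.20.0.203.http: Flags [S], seq 1, win 64240, length 0",
    "12:00:05.000001 IP 10.20.0.151.40000 > 10.20.0.203.http: Flags [S], seq 7, win 64240, length 0",
    "12:00:05.000200 IP 10.20.0.203.http > 10.20.0.151.40000: Flags [S.], seq 9, ack 8, win 65160, length 0",
    "12:00:05.000400 IP 10.20.0.151.40000 > 10.20.0.203.http: Flags [.], ack 1, win 502, length 0",
]

if __name__ == "__main__":
    for (ip, port), count in unanswered_syns(SAMPLE_CAPTURE).items():
        print(f"{ip}:{port} sent {count} SYN(s) to port http with no SYN-ACK from the VM")
```

Feed it a real capture with `tcpdump -l -i <iface> tcp port 80 | python3 script.py` style piping, or save the capture to a file and pass its lines; a flow listed here is one the VM's stack or firewall dropped, so the next place to look is the VM itself rather than the pfSense forward.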
