Hi all,
I am quite familiar with port forwarding, using it at roughly 30 other non-Peplink sites, all of which have at least 1 MPLS WAN. To be able to use 3 WANs, we chose the Balance 30 for this site. Two WANs are DSL, the third is an MPLS WAN. It is on the MPLS WAN that I am trying to set up incoming port forwarding (again, done successfully at 30 other sites). However, no matter how I configure things, the only port that is visible from the outside world is the Peplink admin port. That is, nmap of the WAN’s external IP only shows the admin port, despite having other ports on the same WAN, port forwarded. For example, in the following pic I am trying to port forward external wan IP 10.175.243.33:5080 to internal IP 10.175.20.251.
Update: The WAN Routing Mode is IP Forwarding, since it’s part of our MPLS.
Is this a limit of the Balance 30? Any other ideas?
Since you are configured for IP Forwarding the Balance is routing and there is no NAT. Without a NAT there is no need for port forwarding as the Balance will simply route from external to internal.
Thanks for your reply, Ron. Yes, there is a need for port forwarding in this particular case. All of our sites are in a private MPLS network, effectively behaving as a distributed LAN, 10.175.0.0/16. At all the sites EXCEPT the Balance 30 site we run pfsense at the site edge. Within the pfsense sites, I have removed NAT but still port forward the sites external IP to an internal IP, 10.175.x.251, similar to what I attempted to do at the Balance 30 site (see pic in my first posting) - it WORKS! The Balance 30 does not allow me to do that. The requirement to port forward a particular IP is due to how a particular video service is provided to us.
To compensate for this shortcoming, I have since converted the WAN to NAT at the Balance 30 site which defeats the purpose of having an MPLS site and is a step backwards for us. The sole reason for using the Balance 30 was to be able to load balance 3 WANs at the site, the only site where we have more than 2 WANs. It load balances well and I am generally pleased with the product. So far, I have not been able to get pfsense to do the same with 3 WANs but will need to pursue this more aggressively, since staying on NAT in the long term will affect other communication within our MPLS network.
I really appreciate your taking the time to write up this detailed story. This all makes perfect sense.
We will review the DDNS mechanism and help you get around this issue elegantly. We will come back.
