Netgate Discussion Forum

    VLAN cannot access private network behind another router

      sho1sho1sho1

      I have a private network behind my pfsense firewall.

      Router WAN connected to pfsense VLAN 20, Router LAN is 10.0.0.0/8 private network.
      -10.0.0.0/8 Private network
      -VLAN 20 Gateway is 192.168.20.1
      -router WAN IP is 192.168.20.11 dynamically assigned by pfsense VLAN 20 dhcp server
      -router LAN IP is 10.0.0.1

      I am trying to ssh to server 10.0.0.198 but cannot get to the server.

      On the router, I set NAT Virtual Server external IP 192.168.20.11 port 22 and internal IP 10.0.0.198 port 22.

      ssh root@192.168.20.11 does not work.

      I can ping 192.168.20.1 and 192.168.20.11. I can get to the router's webgui at 192.168.20.11. But somehow, the port forwarding is not working.

      Does anyone have experience in setting this up before?

      Thanks!

        viragomann @sho1sho1sho1

        @sho1sho1sho1
        Possibly pfSense is listening on port 22.
        Check the settings in System > Advanced > Admin Access > Secure Shell Server.

        Maybe change either port.

          johnpoz LAYER 8 Global Moderator @sho1sho1sho1

          @sho1sho1sho1 said in VLAN cannot access private network behind another router:

          -router WAN IP is 192.168.20.11 dynamically assigned by pfsense VLAN 20 dhcp server
          -router LAN IP is 10.0.0.1

          So if your wan of pfsense is rfc1918, this 192.168.20 address, and you want to get to 10.0.0.x on pfsense lan, if pfsense is doing nat, yes, you would have to set up a port forward.

          Also you would have to disable the block rfc1918 rule on pfsense wan. This rule blocks source IPs of rfc1918, which I would assume your client you're trying to ssh to this 10.box is on.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
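
As an added example (not code from any poster in this thread), this Python probe separates the ways the `ssh root@192.168.20.11` attempt can fail: no reply, an active refusal, or a port that answers with an SSH identification string. The names `probe_ssh` and `_ident` and the interpretations in the returned detail strings are assumptions of this example.

```python
import socket

def _ident(buf):
    """Return the first complete line starting with 'SSH-', else None."""
    for line in buf.split(b"\n")[:-1]:  # last element is an incomplete line
        if line.startswith(b"SSH-"):
            return line.rstrip(b"\r").decode("ascii", "replace")
    return None

def probe_ssh(host, port=22, timeout=3.0):
    """Classify a TCP probe of an SSH port; returns (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # RST came back: the address is reachable but nothing accepts
        # connections there, e.g. the forward is not being applied.
        return ("refused", "host reachable, nothing accepting on this port")
    except socket.timeout:
        # SYN went unanswered: typically a filter rule dropping the packet
        # (such as a block-private-networks rule) or a routing problem.
        return ("timeout", "no reply, packet dropped or unroutable")
    except OSError as exc:
        return ("error", str(exc))
    buf = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # A server may send other lines before its identification string.
            while _ident(buf) is None and len(buf) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass
        except OSError as exc:
            return ("error", str(exc))
    ident = _ident(buf)
    if ident:
        # Compare with the string the server at 10.0.0.198 shows locally.
        return ("banner", ident)
    return ("open-no-banner", "TCP connected but no SSH identification seen")

if __name__ == "__main__":
    # Address taken from the first post in the thread.
    print(probe_ssh("192.168.20.11", 22))
```

A `banner` result that differs from the one 10.0.0.198 presents on its own LAN means some other SSH service is answering on that address and port.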

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.