Accessing LAN from a specific IP from WAN
-
Hello everyone,
last week I got my first installation of pfSense running and I was able to get some bsic things working. During the whole process I'm learning a lot about networks but my overall knowledge is still near zero.
My Network looks roughly like this:Internet (fiber) --- AVM Fritzbox (192.168.188.0/24) --- pfSense --- Homelab (192.168.11.0/24)
Now I would like to connect from one of my devices, that is connected to the Wifi network of the Fritzbox to my homelab services. Unfortunately I have no idea how to solve that problem and open the access for a specific device.
I would really appreciate some help.
-
@maltepk
You have to add a static route on the Fritzbox for 192.168.11.0/24 and point it to pfSense WAN.And on pfSense go to the WAN interface settings and disable "block private networks".
-
@viragomann
I have set the static route ans disabled the WAN "block private networks". Unfortunately it didn't do the trick.Or is the gateway IP I've set in the static route wrong? It is the IP of the WAN of pfSense
-
@maltepk
Yes, the gateway has to be the WAN IP of pfSense.
But as network you have to state the network address, which is 192.168.11.0/24.Also ensure that your home lab devices, which you want to connect to, allow access from outside of their own subnet. By default this is blocked by their own system firewall.
-
@viragomann said in Accessing LAN from a specific IP from WAN:
@maltepk
Yes, the gateway has to be the WAN IP of pfSense.
But as network you have to state the network address, which is 192.168.11.0/24.Also ensure that your home lab devices, which you want to connect to, allow access from outside of their own subnet. By default this is blocked by their own system firewall.
Unfortunately I'm not yet able to access my devices. Are there any other settings I need to change in the pfSense?
-
@maltepk
You added that static route in fritzbox gui, okay.
You disabled "Block private networks" inpfsense WAN Interface, done.
But did you add a rule (WAN Interface) for that ONE IP you want to use to access your network(s) behind pfsense?
Something likeSource IP.YOU.WANT allow Destination LAN (or your subnet VLAN XY) Ports AS WANTED/ALL etc.
-
@maltepk said in Accessing LAN from a specific IP from WAN:
Are there any other settings I need to change in the pfSense?
No. It should work.
I suspect, that your LAN device blocks the access.
To investigate use Diagnostic > Packet Capture to sniff the traffic on the LAN.
E.g. with pinging a LAN device, state icmp for the protocol and the destination IP at the IP / hosts filter. Start the capture and try to ping the machine from outside.
What do you get? -
@the-other said in Accessing LAN from a specific IP from WAN:
@maltepk
You added that static route in fritzbox gui, okay.
You disabled "Block private networks" inpfsense WAN Interface, done.
But did you add a rule (WAN Interface) for that ONE IP you want to use to access your network(s) behind pfsense?
Something likeSource IP.YOU.WANT allow Destination LAN (or your subnet VLAN XY) Ports AS WANTED/ALL etc.
This helped me to get access. Thank you!
-
@maltepk
:) -
@maltepk
You didn't even add a rule to allow this?
pfSense is a firewall!
