Connecting to computers on a WAN port
-
Hello, a friend and I have a wireless bridge spanning 1 km, and after 2 years I finally found the time to set up a load balancing server with pfSense. But the firewall prevents me from accessing his network. I'm guessing this is a very easy fix, but I just don't have the knowledge, so if anyone could help me out I would really appreciate it.
pfsense server
le0 83.161..
le1 172.0.1.0/24 (LAN)
le2 172.0.0.0/24 gateway 172.0.0.1 (Lan + Internet)
THE FIX for this problem
enter the new rule for WAN2
Protocol any,Source any,Destination any, Gateway default
enter a new rule for LAN
Protocol any,Source any,source lan subnet, Destination WAN2 subnet, Gateway default
make sure the computer is not in the same subnet as WAN2
-
172.0.1.0 is a public IP; you shouldn't use that.
Allowed private IPs are:
192.168.x.x
172.16.x.x ~ 172.31.x.x
10.x.x.x
How did you set up your balancing?
Did you change your firewall rules to use the balancing pool?
Also, you need a rule which excludes the range of your friend from the balancer, since you don't want to balance traffic to him. (You cannot reach him over your local WAN.)
Also, you might be interested that on the "wan" tab there is an option which disables traffic to private IPs on WAN.
-
pfsense server
le0 83.161..
le1 172.0.1.0/24 (LAN)
le2 172.0.0.0/24 gateway 172.0.0.1 (Lan + Internet)
My outgoing firewall settings
The how-to that I followed
http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
My friend should also be allowed to access my network and the load balancer
-
Remove your FTP workaround.
That rule will make it so that all the rules below it will never be seen.
-
Don't think so; it redirects to 127.0.0.1 on the load balancer, it doesn't show in the overview. As it says in the how-to here
But the load balancing works; it's just that I can't access the computers on the other side of the WAN2 and they can't use the pfSense gateway
-
FTP/NAT-Reflection Workaround
If you want to connect to a FTP server you need to add this workaround to your LAN tab (or any other internal interface) at the very top of your rules:
Protocol any,Source any,Destination 127.0.0.1, Gateway default
Now the packets are forwarded correctly and you can connect to an FTP server. Please note that FTP will always be mapped to WAN only due to the multiport transfer character of this protocol. You also MUST have the ftp-helper enabled at Interfaces>LAN (or any other internal subnet that will use outbound FTP).
You've misconfigured the FTP workaround rule.
Your destination is * (everywhere)
and not 127.0.0.1
-
No I didn't, it's a bug; see attachment
But that isn't the question: how can the computers on the other side of the WAN2 access my network and pfSense gateway?
EDIT
FIXED
While just browsing the web interface I found there is a tab WAN2 (didn't see that before)
enter the new rule for WAN2
Protocol any,Source any,Destination any, Gateway default
enter a new rule for LAN
Protocol any,Source any,source lan subnet, Destination WAN2 subnet, Gateway default
make sure the computer in LAN is not in the same subnet as WAN2
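An added example (not part of the thread): a Python check of the addressing plan discussed above. It flags interface subnets outside the private ranges listed in the second post, subnets that overlap, and a LAN host whose address falls inside the WAN2 subnet. `FIXED_PLAN`, the host address and the function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# The private (RFC 1918) ranges listed in the thread, in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Internal interfaces as posted in the thread (le1 = LAN, le2 = WAN2).
THREAD_PLAN = {"LAN": "172.0.1.0/24", "WAN2": "172.0.0.0/24"}
# Constructed alternative that stays inside 172.16.0.0/12.
FIXED_PLAN = {"LAN": "172.16.1.0/24", "WAN2": "172.16.0.0/24"}


def is_rfc1918(net):
    """True only if the whole subnet lies inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def audit_plan(interfaces, hosts=None):
    """interfaces: {name: cidr}; hosts: {label: (interface, ip)}.
    Returns a list of human-readable findings (empty list = clean)."""
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in interfaces.items()}
    findings = []
    # 1. Subnets outside private space collide with real Internet hosts.
    for name, net in nets.items():
        if not is_rfc1918(net):
            findings.append(f"{name}: {net} is outside RFC 1918")
    # 2. Overlapping subnets make routing between the interfaces ambiguous.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    # 3. A host addressed inside another interface's subnet is unreachable
    #    through the firewall (the "not in the same subnet as WAN2" note).
    for label, (iface, ip) in (hosts or {}).items():
        addr = ipaddress.ip_address(ip)
        for name, net in nets.items():
            if name != iface and addr in net:
                findings.append(f"{label} ({ip}) on {iface} falls inside {name} {net}")
    return findings


if __name__ == "__main__":
    for plan in (THREAD_PLAN, FIXED_PLAN):
        print(plan, "->", audit_plan(plan) or "no findings")
    # Constructed host: a LAN machine given an address from the WAN2 range.
    print(audit_plan(FIXED_PLAN, {"pc1": ("LAN", "172.16.0.50")}))
```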