Netgate Discussion Forum

    Two PFsense systems cannot NAT

    17 Posts 2 Posters 7.6k Views
      GruensFroeschli:

      again:

               |-------|                |-------|
      -- WAN --|  PF1  |--LAN------LAN--|  PF2  | -- WIFI
               |-------|                |-------|
                   |                        |
                  DMZ                      WIFI

      Where is the WAN on your pfSense 2?
      If your "LAN" is the WAN then it will not work.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        hansru:

        Ok, the chart should look like this:

                 |-------|                |-------|
        -- WAN --|  PF1  |--LAN------WAN*-|  PF2  | -- WIFI
                 |-------|                |-------|
                     |                        |
                    DMZ                      WIFI

        *Wan is 192.168.1.150 (also shown in the images)

          hansru:

          Is there anyone with a good idea how I can NAT two pfSense systems?
          I can ping both back and forth, however there is no way I can achieve it. It really drives me crazy.

          Thanks in advance

            GruensFroeschli:

            OK, now I'm really confused:

            LAN PF1 is 192.168.16.1

            *Wan is 192.168.1.150

            How should LAN of PF1 be able to communicate with WAN* if they are not in the same subnet?

            Maybe you should make a "clear" diagram of which IP-range is where, and what should have access to where.

            Whenever I start setting up a new network environment I first sit down with a lot of paper and do the planning work without even thinking about plugging any cables in anywhere or setting up any rules.

              hansru:

              As per your request the diagram:

              PFSense1 / Alix 2c1 bios v0.99 / R 1.2RC4 full (on microdrive)
              PFSense2 / Alix 2c0 bios v0.99 / R 1.2RC4 full (on microdrive)

              PF1 vr0 LAN 192.168.16.1/24 DHCP Server
                    vr1 WAN 10.0.0.10/24 DHCP client from ADSL modem
                    vr2 DMZ 192.168.1.1/24 DHCP Server
                    ath0 Wifi A 192.168.4.1/24 DHCP Server

              PF2 vr0 LAN 192.168.16.110/24 Static IP
                    vr1 WAN 192.168.1.150/24 DHCP client assigned by PF1
                    ath0 WIFI B disabled
                    ath1 WIFI C disabled

              I can ping from PF1 to PF2 WAN (192.168.1.150) from WAN / DMZ / WIFI / LAN
              I can also ping from PF2 to PF1

              What I want to achieve is to have access to the WebGUI on PF2 through PF1 to enable remote support. Is there anyone who knows what to do?
              It drives me crazy.

              network.jpg

                GruensFroeschli:

                Did you create an advanced outbound NAT entry for your DMZ (and all other OPTx)?
                http://forum.pfsense.org/index.php/topic,7001.0.html

                Try setting the webgui of pfSense2 on port (something_else_than_80) and create the rule on pfSense1 accordingly.
                DON'T forward from 85 to 80 at first.
                Just a simple 8181 -> 8181 or so.

                  hansru:

                  OK, thanks for your input.

                  What I did is I reconfigured the WebGUI on PF2 to port 8181.
                  I created a NAT port under Port Forward.

                  Also created a rule on the WAN. I do not understand what you mean with the Advanced Outbound NAT.
                  Could you please give some guidance.

                  FIRewall_WAN.jpg
                  NAT.jpg

                    GruensFroeschli:

                    The firewall rule should have source port * and NOT 8181.
                    If a client initiates a connection to you it originates from a random port, NOT the same as the destination port.

                    To the advanced outbound NAT rule:
                    Read the link I provided above!:
                    http://forum.pfsense.org/index.php/topic,7001.0.html
                    Quoted from that topic:

                        If you want to have Internet access from multiple LAN subnets (on various OPTx interfaces) enable Advanced outbound NAT.
                        You need to create a rule for every subnet you want NAT'ed.
                        Alternatively you can change the source of the single existing rule from LAN to "any", thus NAT'ing everything.
                        (screenshots to clarify: http://forum.pfsense.org/index.php/topic,7693.0.html )
                        This might create a problem for FTP with multiWAN;
                        more here: http://forum.pfsense.org/index.php/topic,7096.msg40810.html#msg40810

                      hansru:

                      Thanks for the fast response,

                      It has now been changed. However the AON does bother me. I've read it several times, but do not fully understand this. It does not work yet.

                      regards,

                      AON.jpg
                      Firewall_Wan_v2.jpg

                        GruensFroeschli:

                        The AON rule you create basically tells pfSense manually which subnets should be NATed where.
                        With the rule you created you NAT your DMZ subnet to WAN (which you want).

                        You will need to create another rule for every subnet you want NATed too (i.e. WifiA and LAN in your diagram).

                        So it still does not work.
                        Hmm...

                        Did you change the source port to * on the pfSense 1 firewall rule too?

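The two configuration points GruensFroeschli makes in his replies above (the WAN rule for the port forward needs source port *, and manual outbound NAT needs a rule per internal subnet) as a small Python model. This is an added example, not code from the thread and not pfSense code: the subnets and the 192.168.1.150:8181 forward target are the values hansru posted, while the client address 203.0.113.5, the ephemeral source ports and all function names are constructed for the example.

```python
"""Toy model of two pfSense configuration checks discussed in the thread.

1. The WAN firewall rule for a port forward must use source port '*' (any):
   a client picks a random ephemeral source port, so a rule pinned to
   source port 8181 never matches.
2. With manual (advanced) outbound NAT, every internal subnet that should be
   translated needs its own rule, or one rule with source 'any'.

Constructed example; the client IP and ephemeral ports are sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Union

ANY = "*"
Port = Union[int, str]  # an int or ANY


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class PassRule:
    """A pfSense-style pass rule; '*' matches any address or port."""
    src_net: str
    src_port: Port
    dst_ip: str
    dst_port: Port


def _port_ok(rule_port: Port, port: int) -> bool:
    return rule_port == ANY or rule_port == port


def _ip_ok(rule_net: str, ip: str) -> bool:
    if rule_net == ANY:
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule_net, strict=False)


def rule_matches(rule: PassRule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    return (_ip_ok(rule.src_net, pkt.src_ip) and _port_ok(rule.src_port, pkt.src_port)
            and _ip_ok(rule.dst_ip, pkt.dst_ip) and _port_ok(rule.dst_port, pkt.dst_port))


# Port forward on PF1: WAN:8181 -> PF2 WAN address 192.168.1.150:8181 (from the thread).
# The associated WAN rule is checked against the translated destination.
FORWARD_TARGET = ("192.168.1.150", 8181)
CLIENT_IP = "203.0.113.5"                      # constructed remote-support client
EPHEMERAL_PORTS = (1025, 33211, 49152, 61234)  # constructed client source ports


def forward_hit_rate(rule: PassRule, ports=EPHEMERAL_PORTS) -> float:
    """Fraction of client connections (one per ephemeral source port) the rule passes."""
    hits = sum(rule_matches(rule, Packet(CLIENT_IP, p, *FORWARD_TARGET)) for p in ports)
    return hits / len(ports)


# Internal subnets behind PF1, taken from hansru's diagram.
INTERNAL_SUBNETS = {
    "LAN": "192.168.16.0/24",
    "DMZ": "192.168.1.0/24",
    "WifiA": "192.168.4.0/24",
}


def missing_outbound_nat(aon_sources) -> list:
    """Names of internal subnets that no manual outbound NAT rule covers.

    aon_sources: the source networks of the AON rules ('*' or CIDR strings).
    """
    missing = []
    for name, cidr in INTERNAL_SUBNETS.items():
        net = ipaddress.ip_network(cidr)
        covered = any(src == ANY or ipaddress.ip_network(src).supernet_of(net)
                      for src in aon_sources)
        if not covered:
            missing.append(name)
    return missing


if __name__ == "__main__":
    wrong = PassRule(ANY, 8181, *FORWARD_TARGET)  # source port pinned to 8181
    right = PassRule(ANY, ANY, *FORWARD_TARGET)   # source port any
    print("source port 8181:", forward_hit_rate(wrong))  # 0.0
    print("source port *   :", forward_hit_rate(right))  # 1.0
    print("AON with only the DMZ rule, still untranslated:",
          missing_outbound_nat(["192.168.1.0/24"]))     # ['LAN', 'WifiA']
    print("AON with source any:", missing_outbound_nat([ANY]))  # []
```

Running it shows the rule pinned to source port 8181 passing none of the sample connections while the source port * rule passes all of them, and that an AON set containing only the DMZ rule leaves LAN and WifiA untranslated until a rule for each (or a single "any" rule) is added.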
                          hansru:

                          Yep, the rule in the firewall has also been updated to *.

                          Attached the AONs for the three interfaces.

                          Still not successful. Did you read my PM?

                          regards,

                          AON2.jpg

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.