Access LAN FROM WAN

esanchez

Hi…
probably this is a very easy to answer question...

I have something like this:
                           --------
    LANA-----------|pfSense|--------LANB
                           --------
(172.16.5.0)                              (172.16.15.0)

pfSense WAN Interface: 172.16.5.5
pfSense LAN Interface: 172.16.15.10

I have access to all LANA from LANB
I can ping both WAN & LAN(172.16.5.5 & 172.16.15.10) Interfaces from LANA
I cannot ping any of the pc's on LANB FROM LANA(i.e. 172.16.15.176) (this is what I want how do I do it?)

Any help would be appreciated..

best regards,
-eduardo s.m.

jigpe

You cannot ping it. Unless if you connect to LANB or LANA. Try to add ICMP in Firewall>Rules
jigp
Davao City

GruensFroeschli

First of all: what is the default gateway of LANA? The pfSense itself?

If not:
Create on this default gateway a static route for LANB pointing to the WAN IP of the pfSense.
Enable "Advance outbount NAT" (outbound tab under firewall –> NAT).
Create additionally to the autogenerated rule a new rule.
This new rule has to be above the autogenerated rule.
Set in the new rule:
No NAT (NOT): yes (activate this)
source: your LANB subnet
destination: your LANA subnet.

Like this you disable NAT for anything from LANB to LANA.

After that go to the WAN config page and uncheck the "Block private networks" checkbox at the bottom.

Next go to the WAN-tab under firewall --> rule.
Create a rule at the top:
allow, source: LANA, destination: LANB

Now you should have a routed, non NATed network.

esanchez

@GruensFroeschli:

First of all: what is the default gateway of LANA? The pfSense itself?

Yes, gateway of LANA is the pfSense itself.

I was wondering…. under System-->Advanced there's an option that says:

"Disable Packet Filtering"
This converts pfSense into a routing only platform
This will turn off NAT!

I checked it, but seems to have the same behaivor... :(

best regards,
-eduardo s.m.

esanchez

@GruensFroeschli:  I did step by step what you said…it's working right now...thank you very much!  ;D

best regards,
-eduardo s.m.

GruensFroeschli

@esanchez:

@GruensFroeschli:

First of all: what is the default gateway of LANA? The pfSense itself?

Yes, gateway of LANA is the pfSense itself.

I was wondering…. under System-->Advanced there's an option that says:

"Disable Packet Filtering"
This converts pfSense into a routing only platform
This will turn off NAT!

I checked it, but seems to have the same behaivor... :(

best regards,
-eduardo s.m.

So if the WAN of the pfSense is the gateway to a whole network…. what is the gateway of the pfsense on the WAN interface?

Disabling the packet filter kind of defeats the purpose of using the pfsense ;)

esanchez

@GruensFroeschli:

So if the WAN of the pfSense is the gateway to a whole network…. what is the gateway of the pfsense on the WAN interface?
...

The gateway for the wan is 172.16.5.10 (it's a vyatta router to another WAN):

–------    wifi-link    ------
    LAN-A -------------> |pfSense| ---------> |vyatta| ---------> LAN-B
[172.16.15.x]                  –------                  ------              [172.16.5.x] 
                              LAN: 172.16.15.10    LAN: 172.16.5.10 
                              WAN: 172.16.5.5

It seems is working now. But I don't know if what I did is correct as I have now the packet filter disabled.

best regards,
-eduardo s.m.

jigpe

Thats all? Can you tell us more story about how you connect them? Thanks
jigp
Davao city

esanchez

how I connect them? didn't understand…
They are connect via wireless access points...  :-\

jigpe

Ahh okay wireless. Thanks for the tips guys :)

Good morning

jigp
Davao City
1.2.2