Netgate Discussion Forum

    Troubles connecting between two separate pfsense firewalls

    General pfSense Questions
    16 Posts 4 Posters 4.5k Views
    • rbishop

      Podilarius - No, I am not able to get to anything other than the LAN IP of Firewall A from Firewall B. Firewall B is able to get to the rest of the world, i.e. Google, MS, Yahoo, etc. Firewall A is able to get to the outside world.

      I have not tried setting anything up behind Firewall B (services: HTTP, FTP, etc.) and tried to get to it from Firewall A.

      On Firewall A I have typical HTTP/HTTPS, SSH ports open.

      • podilarius

        What rules do you have in place on Firewall A?

        • rbishop

          Here are the rules I have set up on Firewall A:

          Proto  Source                         Port  Destination   Port        Gateway  Schedule  Description
          *      RFC 1918 networks              *     *             *           *        *         Block private networks
          *      Reserved/not assigned by IANA  *     *             *           *        *         Block bogon networks
          TCP    *                              *     209.43.3.148  25 (SMTP)   *                  Hosting - SMTP
          TCP    *                              *     209.43.3.148  110 (POP3)  *                  Hosting - POP3
          TCP    *                              *     209.43.3.148  80 (HTTP)   *                  Hosting - HTTP

          • cmb

            Assuming there's no VPN between the two, access from B to A should be the same as access from anywhere on the Internet to A. One possible exception is if you're running 1.2.3 on a fresh install, didn't finish the setup wizard (which updates the bogons at the end) and your site B has an IP assignment that's in bogons. If you started with 2.0 that wouldn't be an issue since its bogons list is up to date out of the box since it's a new release. Check the firewall log for blocked traffic on the A side.

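Added example, not part of cmb's post and not pfSense code: a first-match evaluation of the WAN rules listed earlier in the thread, showing how a stale bogon list blocks a legitimately assigned source before any pass rule is reached. The bogon prefix and the Site B address are constructed placeholders (documentation range 203.0.113.0/24), and `build_rules` / `evaluate` are hypothetical helper names.

```python
import ipaddress

net = ipaddress.ip_network
ANY = [net("0.0.0.0/0")]
RFC1918 = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]
HOST = [net("209.43.3.148/32")]  # destination from the posted rules

def build_rules(bogons):
    """Firewall A WAN rules in posted order: (action, proto, src, dst, port, descr)."""
    return [
        ("block", None, RFC1918, ANY, None, "Block private networks"),
        ("block", None, [net(b) for b in bogons], ANY, None, "Block bogon networks"),
        ("pass", "tcp", ANY, HOST, 25, "Hosting - SMTP"),
        ("pass", "tcp", ANY, HOST, 110, "Hosting - POP3"),
        ("pass", "tcp", ANY, HOST, 80, "Hosting - HTTP"),
    ]

def evaluate(rules, proto, src, dst, dport):
    """Return (action, description) of the first matching rule, else default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, descr in rules:
        if r_proto is not None and r_proto != proto:
            continue
        if r_port is not None and r_port != dport:
            continue
        if any(src in n for n in r_src) and any(dst in n for n in r_dst):
            return action, descr
    return "block", "Default deny"

# Constructed inputs: 203.0.113.0/24 (documentation range) stands in for a prefix
# that was unassigned when the list was built and has since been given to Site B.
STALE_BOGONS = ["203.0.113.0/24"]
CURRENT_BOGONS = []          # the same prefix removed after a bogons update
SITE_B = "203.0.113.10"      # hypothetical WAN address of Firewall B

if __name__ == "__main__":
    for label, bogons in (("stale", STALE_BOGONS), ("updated", CURRENT_BOGONS)):
        rules = build_rules(bogons)
        for port in (80, 22):
            print(label, port, evaluate(rules, "tcp", SITE_B, "209.43.3.148", port))
```

Even with the updated list, the posted rules admit only TCP 25, 110 and 80 to 209.43.3.148; anything else falls through to the default deny, which is the entry to look for in the firewall log on the A side.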
            • rbishop

              Both of my Firewalls are 1.2.3.  Do I need to update them both?

              • podilarius

                @rbishop:

                Both of my Firewalls are 1.2.3.  Do I need to update them both?

                Yes.

                • rbishop

                  I have now upgraded both of my Firewalls to the latest version 2.0.  I am still not able to get to the devices behind Firewall A from behind Firewall B.

                  • mgaudette

                    I'm trying to accomplish the same thing, and can't. Here's what I did, what worked, and what did not work. That might help you, and might help people help you (and, think of it, it might help me too!)

                    • I set up a Linux server at some hosted place with a route that basically says: 192.168.1.0/24 via 55.55.55.55 (the public IP of pfSense B)
                    • Configured pfSense to accept all connections from that Linux server

                    I can ping 192.168.1.x from that server, which is on a totally separate network! Everything works fine.

                    Now, I have another pfSense (call it pfSense A). I want, from that pfSense diagnostic "ping" screen, to be able to ping 192.168.1.x. I can't. I can't set up a route, because the route needs a gateway, and that gateway, when being created, needs to be on the same subnet as my pfSense A public IP (which isn't 55.55.55.xx).

                    Is this what you are trying to do too?

                    • rbishop

                      Yes this is what I am trying to do.

                      From Firewall B I am able to get to the WAN IP of Firewall A but nothing further…

                      I have now set up a server behind Firewall B. I am able to get to it from anywhere, including from behind Firewall A.

                      • mgaudette

                        Then haven't you accomplished what you want? (Please tell me how you did this?)

                        Or is this just through port forwarding?

                        • rbishop

                          Firewall A has public IPs on both the inside and outside interfaces. I have rules set up for each of the systems on the LAN side for HTTP, SSH, etc. Firewall B is a "typical" router in that it is set up with a public IP on the WAN and private IPs on the LAN. I do have multiple public IPs that I am just port forwarding on Firewall B, in this case to HTTP and SSH.

                          • cmb

                            Rules need to be on WAN to allow traffic in from the Internet, not LAN. I suspect your rules aren't permitting the traffic; are you seeing it getting blocked in the firewall log?

                            • rbishop

                              cmb, sorry, I do have the rules set up on the WAN interface.

                              • rbishop

                                I have fixed my problem... finally.

                                I was finally able to add in a route to Firewall A into Firewall B.  This now allows items behind Firewall B to see the servers behind Firewall A.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.