Netgate Discussion Forum

    Two WANs with failover, accessing WAN1 router through WAN2?

    Routing and Multi WAN
    18 Posts 3 Posters 4.9k Views
    • jarlel

      Thanks, jimp. And that should work even in a failover setup where WAN1 is considered down by pfSense?

      • jimp Rebel Alliance Developer Netgate

        That wouldn't have anything to do with the failover mechanisms, it would work either way.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • jarlel

          I have tested this now, but I'm not able to connect to the WAN1 router with a normal port forward through WAN2. Did it as you explained, but doesn't work. I'm able to connect to the WAN1 router from the LANs, but the port forwarding through WAN2 doesn't work.

          Any idea what I could try?

          • jimp Rebel Alliance Developer Netgate

            You probably need some extra outbound NAT to make sure that things going to the WAN1 modem get NAT applied so it appears to be coming from the firewall's WAN1 IP, otherwise the WAN1 router would be trying to send it back out the dead line.

            • jarlel

              Thanks again. Yes, I see that this is exactly what is happening (through packet capture), it sends the packet out on WAN1 with the originating IP-address (the public IP-address from where I connect from).

              How can I modify the NAT to use the WAN1 interface IP for these packets only?

              • jimp Rebel Alliance Developer Netgate

                Make an outbound NAT rule something like this:

                Interface: WAN1
                Source: Any
                Destination: WAN1 modem IP

                • jarlel

                  Thanks, I will try that. Can the mode still be "Automatic outbound NAT rule generation" or do I have to switch to "Manual Outbound NAT rule generation" to make this work?

                  I guess the Destination should be the IP-address of the WAN1 modem with /32 as mask?

                  Thanks.

                  • jimp Rebel Alliance Developer Netgate

                    Manual, and yes, it would be the modem IP/32.

                    • jarlel

                      Ok, will this "break" other outbound traffic NAT'ing, that is do I need to add other rules as well to make outbound traffic/NAT work as before the switch to Manual?

                      • jimp Rebel Alliance Developer Netgate

                        No, when you switch to manual it makes a proper set of rules that do exactly what automatic was already doing.

                        • jarlel

                          I tried this and was able to access the WAN1 modem through WAN2, but with a major drawback (Running 2.0.1):

                          When I switch to "Manual Outbound NAT…" I am not able to access the web (surf), not able to access the WAN2 modem from LAN and so on.
                          When set to "Manual..." it now uses the host IP on the LAN as from-IP on the WAN-side... When set to "Auto.." it uses the interface IP.

                          It looks like it DOESN'T add the proper set of rules as you describe? Do I need to add rules for every outbound connection or am I missing something?

                          Thanks for your prompt reply.

                          • jimp Rebel Alliance Developer Netgate

                            If your WANs are set up right (gateways exist and are selected on the interface pages, or they're dynamic) then it should be adding outbound NAT rules that cover those networks automatically.

                            • Metu69salemi

                              Please give us a screenshot, so we could help you a bit more.

                              • jarlel

                                I figured it out :-) Added two outbound NAT rules for the interfaces, source "any".

                                Thanks.

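The return-path problem and the two outbound NAT fixes discussed in this thread, as a small Python model added here (not code from the thread or from pfSense). All addresses are constructed, and the rule sets are a simplified first-match model of outbound NAT; `AUTO_LIKE` assumes rules that translate only LAN sources.

```python
import ipaddress as ip

# Constructed addresses (private/documentation ranges), not from the thread.
IFACE_IP = {"WAN1": "192.168.1.2", "WAN2": "198.51.100.2"}  # firewall WAN IPs
MODEM = "192.168.1.1"           # WAN1 modem/router
MODEM_LAN = "192.168.1.0/24"    # subnet shared by the modem and firewall WAN1
REMOTE = "203.0.113.50"         # client arriving through the WAN2 port forward
LAN_HOST = "192.168.10.20"
ANY = "0.0.0.0/0"

def nat_source(rules, iface, src, dst):
    """Source address after outbound NAT; the first matching rule wins."""
    for r_iface, r_src, r_dst in rules:
        if (r_iface == iface
                and ip.ip_address(src) in ip.ip_network(r_src)
                and ip.ip_address(dst) in ip.ip_network(r_dst)):
            return IFACE_IP[iface]  # translate to the interface address
    return src                      # no rule matched: leaves untranslated

def modem_reply_path(src_seen):
    """Where the WAN1 modem sends its reply for a packet with this source."""
    if ip.ip_address(src_seen) in ip.ip_network(MODEM_LAN):
        return "firewall"           # on-link: the answer goes back to pfSense
    return "wan1-line"              # default route: out the (dead) WAN1 line

# Rule sets as (interface, source, destination).
AUTO_LIKE = [("WAN1", "192.168.10.0/24", ANY), ("WAN2", "192.168.10.0/24", ANY)]
MODEM_RULE = [("WAN1", ANY, MODEM + "/32")]               # rule from the thread
PER_IFACE_ANY = [("WAN1", ANY, ANY), ("WAN2", ANY, ANY)]  # the poster's fix

def forwarded_reply(rules):
    """Reply path for the WAN2 port forward to the modem under these rules."""
    return modem_reply_path(nat_source(rules, "WAN1", REMOTE, MODEM))

if __name__ == "__main__":
    print("LAN-only rules :", forwarded_reply(AUTO_LIKE))
    print("with modem rule:", forwarded_reply(AUTO_LIKE + MODEM_RULE))
    print("modem rule only, LAN host out WAN2:",
          nat_source(MODEM_RULE, "WAN2", LAN_HOST, "203.0.113.80"))
    print("plus per-interface 'any' rules    :",
          nat_source(MODEM_RULE + PER_IFACE_ANY, "WAN2", LAN_HOST, "203.0.113.80"))
```

The first case reproduces what the packet capture showed (the forwarded packet leaves WAN1 with the remote client's address), and the third reproduces the symptom seen after switching to manual mode with only the modem rule in place.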
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.