Netgate Discussion Forum

    Pfsense with double NAT

      punkme112

      Since I unchecked the Block private networks, I don't get any blocks in my log for the 10.0.0.3, but I am still unable to connect to my device over port 8000. Comcast-wise, I have to use theirs because I have phone from them as well :(. So it sort of limits my choices at the moment.

        johnpoz LAYER 8 Global Moderator

        Then you got your nat configured wrong.

        Did you not let the nat create your wan rule?

        Hmm this seems odd as well
        192.168.1.6:443 as dst on your wan interface?

        How did you forward through your TG862, via DMZ or did you set up a specific forward?

        Why are you using 8000?  Why not just 443, comcast does not block that - I use it to access openvpn on my pfsense.

        so you have to forward on TG862 to pfsense wan IP, 10.0.0.3 I believe you set it to be?  for whatever port you want.  Then on pfsense you need to forward that port to your inside box - assume the 192.168.1.6

        If you're stuck doing nat because you have phone with them as well, then I would just put your pfsense wan IP in the DMZ of the thing and then you only will have to forward at pfsense for any future ports you want.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

          punkme112

          This is what I was thinking. I have been out of the pfSense usage for a while (I switched to a Juniper SSG5, but it was giving me issues with gaming). Anyways, since I did the unblock of private networks, I don't have any logs as I did in the first post. For my arris, the only things I set on that were in its DMZ, I put my firewall's WAN IP of 10.0.0.3, and I did the same in the arris' port forwarding settings as well using the 10.0.0.3 for that port 8000. I know this sounds kind of cryptic, if you need any screenshots or anything, I'll be glad to post them.

            punkme112

            Here is my NAT as it is now on the firewall:

            nat.PNG

              johnpoz LAYER 8 Global Moderator

              and where is your firewall wan rule that matches up with that?  And dest address should be your WAN address

              here are my nats

              wannat.png

                johnpoz LAYER 8 Global Moderator

                Once you put the 10.0.0.3 in the DMZ you would not also forward ports on it.

                  punkme112

                  Here's the firewall rule:

                  nat2.PNG

                    johnpoz LAYER 8 Global Moderator

                    So put in your wan address as destination in your nat (this is default, why did you change it to *), and verify your alias, why use alias for a private IP address? Alias makes sense if you have a group or something, or something changes like a public fqdn that you don't have control over, etc. But what do you have sslvpn pointing to? Can it resolve it? Do you have it as IP - why not just put in IP.

                    There was a user a while back that had a typo in his alias, 192.163 vs 192.168 or something.

                    I would just put direct info in - this way you can see everything with one easy view of your rules vs having to look at your aliases, etc.

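The checks suggested in the reply above (destination set to WAN address, an alias that resolves to the right host, a matching WAN rule) can be run mechanically against a configuration export. The following is an added example, not part of any post in this thread and not Netgate code: the XML is a constructed, simplified excerpt modelled on pfSense's config.xml layout (element names are an assumption), the LAN subnet 192.168.1.0/24 is assumed from the 192.168.1.6 host, and the alias address is a constructed typo of the kind mentioned.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed, simplified excerpt modelled on pfSense's config.xml (assumed layout).
# The alias carries the kind of typo mentioned in the thread (192.163 vs 192.168).
SAMPLE = """
<pfsense>
  <aliases><alias><name>sslvpn</name><address>192.163.1.6</address></alias></aliases>
  <nat><rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <destination><any/><port>8000</port></destination>
    <target>sslvpn</target><local-port>443</local-port>
  </rule></nat>
  <filter><rule>
    <type>pass</type><interface>wan</interface>
    <destination><address>sslvpn</address><port>443</port></destination>
  </rule></filter>
</pfsense>
"""

def audit(xml_text, lan="192.168.1.0/24"):
    """Return a list of findings for each port forward in the excerpt."""
    root = ET.fromstring(xml_text)
    aliases = {a.findtext("name"): a.findtext("address") for a in root.iter("alias")}
    resolve = lambda v: aliases.get(v, v)  # alias name -> address, else unchanged
    findings = []
    for nat in root.findall("./nat/rule"):
        if nat.findtext("destination/network") != "wanip":
            findings.append("destination is not 'WAN address'")
        target = resolve(nat.findtext("target"))
        try:
            if ipaddress.ip_address(target) not in ipaddress.ip_network(lan):
                findings.append(f"target {target} is outside LAN {lan}")
        except ValueError:
            findings.append(f"target {target!r} does not resolve to an IP")
        # pfSense applies the forward before filtering, so the WAN pass rule
        # has to match the internal target and local port.
        want = (target, nat.findtext("local-port"))
        have = {(resolve(f.findtext("destination/address")), f.findtext("destination/port"))
                for f in root.findall("./filter/rule")
                if f.findtext("type") == "pass" and f.findtext("interface") == "wan"}
        if want not in have:
            findings.append("no WAN pass rule for the forwarded target/port")
    return findings

# Same excerpt with the alias typo corrected and the destination set to WAN address.
FIXED = SAMPLE.replace("192.163", "192.168").replace("<any/>", "<network>wanip</network>")

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(FIXED))
```

The WAN rule check passes on the typo'd sample because the rule and the forward both use the same alias, so the ruleset is internally consistent while pointing at the wrong host.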
                      punkme112

                      I will give this a try.  As far as the NAT goes, when I am under the destination part, it has WAN address, but the field under it will not let me put anything in.  Should I just do single host or alias?  I appreciate the help!

                        johnpoz LAYER 8 Global Moderator

                        And how many hosts are you going to forward to? That's 1 right - so why do you need an alias?

                        Why do you need to put something under Wan Address - is that not going to be the destination IP?? What is normally your Public IP, or in your case 10.0.0.3 which your first router will NAT inbound traffic to, since you put your pfsense wan IP in its DMZ.

                        No other forwards on your first router - just the DMZ setting is all that is needed.
