NATting to a virtual LAN IP
-
Looks like your inbound rules are OK. Can you please show us the outbound rules, meaning the path Firewall: NAT: Outbound?
-
sorry for the late reply. Here's the outbound rules page.
https://dl.dropboxusercontent.com/u/706934/Outbound.pngs
thanks again
-
sorry for the late reply. Here's the outbound rules page.
https://dl.dropboxusercontent.com/u/706934/Outbound.pngs
thanks again
Atm Dropbox shows me a 404..
-
Try this one.
https://dl.dropboxusercontent.com/u/706934/Outbound.png
I'm unaware of a .pngs filetype ::)
-
Have you tried editing that virtual IP, saving it as another type of virtual IP, and changing it back?
-
If you also have an Internet gateway on WAN, you'll only need NAT rules for accessing the Internet from LAN and LAN Virtual (looks like a double NAT given your WAN subnet), not for accessing LAN Virtual (192.168.2.0/24) from WAN (192.168.1.0/24).
If you are trying to directly access a LAN Virtual (192.168.2.0/24) host address from a WAN (192.168.1.0/24) client it's not going to work unless:
a) The WAN clients are using pfSense's WAN address as their default gateway.
Or
b) Whatever device is the WAN clients' default gateway has a static route to 192.168.2.0/24 via pfSense's WAN address.
Or
c) You have enabled RIP broadcasting on pfSense's WAN interface and whatever device is the WAN client's default gateway has at least inbound RIP enabled on the interface connected to pfSense.
Or
d) The WAN clients have a static route to 192.168.2.0/24 via pfSense's WAN address. You can configure this via DHCP option 121. Note that when specifying option 121 you must also include the regular default gateway for 0.0.0.0 along with other static routes.
Another thing to remember is that the WAN clients' subnet must be /24 or lower or they will only look for 192.168.2.x addresses on the local switch.
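The option 121 value from point d) above, as an added example that is not part of the original post: it encodes and decodes the RFC 3442 classless static route payload and refuses a route list that lacks 0.0.0.0/0. The addresses 192.168.1.2 (pfSense WAN) and 192.168.1.1 (upstream gateway) are constructed placeholders, since the thread does not give them.

```python
import ipaddress

def encode_option_121(routes, require_default=True):
    """Encode (destination CIDR, next hop) pairs as an RFC 3442 payload."""
    nets = [(ipaddress.IPv4Network(d), ipaddress.IPv4Address(g)) for d, g in routes]
    # Clients that use option 121 ignore the Router option (3), so a payload
    # without 0.0.0.0/0 leaves them with no default gateway.
    if require_default and not any(n.prefixlen == 0 for n, _ in nets):
        raise ValueError("no 0.0.0.0/0 route: clients would lose their default gateway")
    out = bytearray()
    for net, gw in nets:
        # Only the significant destination octets are sent: ceil(prefix / 8).
        # A /24 sends three octets, the default route sends none.
        n = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:n] + gw.packed
    if len(out) > 255:
        raise ValueError("payload does not fit in one DHCP option")
    return bytes(out)

def decode_option_121(payload):
    """Decode an option 121 payload back into (CIDR, next hop) pairs."""
    payload, routes, i = bytes(payload), [], 0
    while i < len(payload):
        plen = payload[i]
        n = (plen + 7) // 8
        if plen > 32 or i + 1 + n + 4 > len(payload):
            raise ValueError(f"malformed route at offset {i}")
        dest = ipaddress.IPv4Address(payload[i + 1:i + 1 + n] + bytes(4 - n))
        gw = ipaddress.IPv4Address(payload[i + 1 + n:i + 5 + n])
        routes.append((f"{dest}/{plen}", str(gw)))
        i += 5 + n
    return routes

# Constructed sample values (assumptions, not taken from the thread).
PFSENSE_WAN = "192.168.1.2"   # assumed pfSense WAN address
UPSTREAM_GW = "192.168.1.1"   # assumed existing default gateway of the WAN clients
ROUTES = [("192.168.2.0/24", PFSENSE_WAN), ("0.0.0.0/0", UPSTREAM_GW)]

def option_121_hex(routes=ROUTES):
    """Payload as colon-separated hex bytes."""
    return ":".join(f"{b:02x}" for b in encode_option_121(routes))

if __name__ == "__main__":
    print(option_121_hex())
    print(decode_option_121(encode_option_121(ROUTES)))
```

How the resulting bytes are entered depends on the DHCP server; decoding a value captured from a lease is a quick way to confirm the default route is actually being handed out.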
-
Stupid question: is all forwarding going to pass if "block RFC1918" on WAN is active?
-
Not if the block rule is above the NAT rule.
-
@KurianOfBorg:
Not if the block rule is above the NAT rule.
So, maxxer has to put his WAN allow rules before the RFC1918 blocking rule?
-
If your WAN subnet is private you shouldn't have the block rule.