No communications between Interfaces using 1:1 NAT
-
Here is my setup:
pfSense: 2.1-Release(amd64)

Interfaces:
WAN = 192.168.1.1 (this actually has a public IP assigned to it)
VLAN100 = [GW] = 10.100.100.1
VLAN200 = [GW] = 10.200.200.1

1:1 NAT:
192.168.1.30 -> 10.100.100.30
192.168.1.45 -> 10.200.200.45

Servers:
CentOS #1
IP = 10.100.100.30/24
GW = 10.100.100.1

CentOS #2
IP = 10.200.200.45/24
GW = 10.200.200.1

Scenario:
1. If I log into CentOS #1 and login to a remote server via ssh I have no problem. If I attempt to log into CentOS #2 via ssh I cannot connect. There are no firewalls (IPTABLES) running on either server at this point.
2. From another remote computer, meaning one that is not behind the pfSense firewall, I can ssh into either CentOS #1 or #2 without issues.
3. The issue comes when I attempt to communicate between two servers that are both behind the pfSense firewall AND are on different interfaces/networks.

NOTE: I do have the default setting for the WAN interface of "Block private networks". When I unchecked this option it caused my pfSense FW to crash. Because this is a production FW I quickly enabled that option after the FW rebooted after the crash.
My question to this group is do you believe the issue that I am having with communication between servers on different interfaces/networks is being caused by this "Block private networks" option being enabled? If so, does anyone know of a way to disable this without it causing the pfSense FW to crash?
Thank you all for your input.
Rick
-
Do you have FW rules, on both pfSense interfaces, allowing traffic between those network segments?
-
ptt - Good question and one that I should have provided. For testing purposes I have opened up all traffic into VLAN100 and VLAN200 from the WAN, and I have also opened all traffic out from both VLAN100 and VLAN200. As I mentioned, from a remote computer that is not behind the firewall I can connect to either CentOS #1 or #2 without issues. The issue only arises when trying to go from VLAN100 to a server on VLAN200 or vice versa. One additional note: If I attempt to ssh from CentOS #1 to CentOS #2, I do receive a login prompt, but entering the correct user and password fails. My assumption is that I am somehow being connected to the pfSense FW and not the CentOS #2 server. Not sure why, but I am sure it has to do with the current setup and the issues that I am having.
Thank you again in advance for your help.
Rick