Netgate Discussion Forum

    Routing inside pfSense

    • JorgeBarosa

      Hello, can someone help me with this network scenario:

      WAN - Fixed IP assigned by the ISP by DHCP
      LAN Network - 192.168.1.0/24
      WiFi Network - 192.168.21.0/24

      Email server - 192.168.1.2  255.255.255.0
      PC in the WiFi network - 192.168.21.x (assigned by the pfSense DHCP server)    255.255.255.0

      How can I access port 443 of the email server from a PC in the WiFi network?

      Thanks
      ![Network Cenario.jpg](/public/imported_attachments/1/Network Cenario.jpg)

      • KOM

        You could do this using a firewall rule to allow access from OPT1 to LAN:

        ID | Proto | Source   | Port | Destination | Port | Gateway | Queue | Schedule | Description
           | IPv4  | OPT1 Net | *    | 192.168.1.2 | 443  | *       | none  |          |

        • JorgeBarosa

          Hello Kom,

          Yes, the mail server has a rule to be accessed from the Internet (Port Forward), but it doesn't access from the WiFi network (internal)!

          • KOM

            Sorry, my question was stupid (I've been doing that a lot lately) and I had to edit my original reply.

            Do you already have a base rule to allow OPT1 to access anything?  By default, there is no such rule and OPT1 is isolated.  Do you have NAT Reflection enabled?  To access front-facing servers from within, you either need NAT Reflection or Split DNS.

            • JorgeBarosa

              Sorry !!!

              Didn't work !!!

              Packet Capture

              20:39:51.497295 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 0
              20:39:51.497328 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 37
              20:39:51.497350 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 0
              20:39:51.498625 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
              20:39:51.499258 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
              20:39:51.499590 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0

              Thanks

              • KOM

                It would be helpful if you could answer the two questions I asked…

                • italics

                  Do you want to make sure that the rule that KOM posted is at the top of the firewall rules page in OPT1? Also, do you have any manual outgoing NAT rules?

                  • JorgeBarosa

                    Sorry,

                    Do you already have a base rule to allow OPT1 to access anything?

                    OPT1
                    ID | Proto | Source   | Port | Destination | Port | Gateway | Queue | Schedule | Description
                       | IPv4  | OPT1 Net | *    | *           | *    | *       | none  |          |

                    Do you have NAT Reflection enabled?
                    That's it, I tested with NAT Reflection enabled (Pure NAT) and it worked

                    Thanks a lot, you are the greatest  ;)

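One way to read a capture like the one posted in the thread, as an added example that is not part of any poster's reply: the script flags internal clients that reach the forwarded port through the public address instead of the server's LAN address, which is the case where NAT Reflection or Split DNS is needed. It assumes 88.99.77.66 is the firewall's WAN address (the thread does not say so); the function and constant names are made up for this example.

```python
import ipaddress
import re

# Internal networks from the first post (LAN and WiFi).
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
                 ipaddress.ip_network("192.168.21.0/24")]
# Assumption: the public address in the capture is the firewall's WAN IP.
WAN_IP = ipaddress.ip_address("88.99.77.66")
# Port forwarded from WAN to the mail server (443, per the thread).
FORWARDED_PORTS = {443}

# Capture lines as posted in the thread.
CAPTURE = """\
20:39:51.497295 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 0
20:39:51.497328 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 37
20:39:51.497350 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 0
20:39:51.498625 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
20:39:51.499258 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
20:39:51.499590 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
"""

# Line format: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def hairpin_flows(capture):
    """Count packets per (client, wan_ip, port) where an internal client
    talks to the WAN address on a forwarded port, in either direction."""
    flows = {}
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 line in the expected format
        src, dst = (ipaddress.ip_address(m.group(i)) for i in (1, 3))
        sport, dport = int(m.group(2)), int(m.group(4))
        if dst == WAN_IP and dport in FORWARDED_PORTS and is_internal(src):
            key = (str(src), str(dst), dport)
        elif src == WAN_IP and sport in FORWARDED_PORTS and is_internal(dst):
            key = (str(dst), str(src), sport)
        else:
            continue  # direct internal access or unrelated traffic
        flows[key] = flows.get(key, 0) + 1
    return flows
```

A client that connects straight to 192.168.1.2:443 is not flagged; that path only needs the OPT1 firewall rule.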