Netgate Discussion Forum

Firewall (nat) -> pfsense-FW -> local computers (How do i forward ports?)

General pfSense Questions
    kallegr
    last edited by Nov 25, 2014, 6:47 PM

    Hello,

    We've got a Fortinet firewall with 3 interfaces (WAN, LAN, DMZ). There are port forwards from WAN to LAN!!!

    WAN (Internet)
    (((Fortinet)))  DMZ (192.168.1.1)
    LAN (10.10.10.1) 
      |
    local computers/fileserver (10.10.10.x/24)

    yet on LAN (10.10.10.1) are normal computers and some (file-server, sql-server)

    Now we would like to implement pfSense with captive portal between the LAN on the Fortinet firewall and the local computers.

    new configuration should look a bit like this:

    WAN
    (((Fortinet))) DMZ (192.168.1.1) --- DMZ (192.168.1.x/24)
    LAN
      |
    WAN
    (((pfsense)))
    LAN (10.10.10.1)
      |
    local computers (10.10.10.x/24)

    Some conditions:
    1. Fortinet will stay
    2. Bridging WAN/LAN ports on pfSense is no option, as transparent proxy won't work with that
    3. Subnet of LAN (10.10.10.x) could not be changed

    • How can I do the port forwarding from WAN to LAN (10.10.10.x) if there is a new pfSense between the Fortinet and the local computers?
    • Local computers from (10.10.10.x) should be able to get to the DMZ (192.168.1.x) - I think this will work with routing...

    Main problem is: how do I forward ports from WAN (Fortinet) to LAN (10.10.10.x) behind the pfSense firewall…

    thank you

    kallegr

      Derelict LAYER 8 Netgate
      last edited by Nov 25, 2014, 8:36 PM Nov 25, 2014, 8:30 PM

      @kallegr:

      Hello,

      We've got a Fortinet firewall with 3 interfaces (WAN, LAN, DMZ). There are port forwards from WAN to LAN!!!

      WAN (Internet)
      (((Fortinet)))  DMZ (192.168.1.1)
      LAN (10.10.10.1) 
        |
      local computers/fileserver (10.10.10.x/24)

      yet on LAN (10.10.10.1) are normal computers and some (file-server, sql-server)

      Now we would like to implement pfSense with captive portal between the LAN on the Fortinet firewall and the local computers.

      new configuration should look a bit like this:

      WAN
      (((Fortinet))) DMZ (192.168.1.1) --- DMZ (192.168.1.x/24)
      LAN
        |
      WAN
      (((pfsense)))
      LAN (10.10.10.1)
        |
      local computers (10.10.10.x/24)

      Some conditions:
      1. Fortinet will stay
      2. Bridging WAN/LAN ports on pfSense is no option, as transparent proxy won't work with that
      3. Subnet of LAN (10.10.10.x) could not be changed

      • How can I do the port forwarding from WAN to LAN (10.10.10.x) if there is a new pfSense between the Fortinet and the local computers?

      That's a question for Fortinet, since that's where NAT is going to have to happen between the Fortinet WAN and 10.10.10.X.

      • Local computers from (10.10.10.x) should be able to get to the DMZ (192.168.1.x) - I think this will work with routing…

      Main problem is: how do I forward ports from WAN (Fortinet) to LAN (10.10.10.x) behind the pfSense firewall…

      Fortinet problem. You should just disable NAT on pfSense and tell your Fortinet to route 10.10.10.X to whatever pfSense's WAN address is on LAN. I know exactly what NAT rules and routes you would need on pfSense. Fortinet, not so much. Sorry.

      And I'm not sure you're using the term port forwarding correctly. Port forwarding usually implies inbound connections on WAN forwarded to private hosts. Doing that to captive portal-bound hosts that might or might not have an active captive portal entry sounds like a total cluster.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)
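
Added example (not part of the thread, and not Netgate or Fortinet configuration): a small Python model of the routed design described in the reply above. It shows that an existing Fortinet port forward reaches 10.10.10.x only when the Fortinet has a route for 10.10.10.0/24 via pfSense's WAN address and pfSense, with NAT disabled, passes the traffic on its WAN. The transit address 172.16.0.2, the client 203.0.113.7, the host 10.10.10.20, the forwarded port and the need for a WAN pass rule are assumptions; the thread gives none of them.

```python
import ipaddress as ip

# Assumed pfSense WAN address on the Fortinet LAN segment (not given in the thread).
PFSENSE_WAN = ip.ip_address("172.16.0.2")
LAN_NET = ip.ip_network("10.10.10.0/24")

# Constructed sample data.
PKT = {"proto": "tcp", "src": "203.0.113.7", "dport": 443}
FORWARDS = {("tcp", 443): ("10.10.10.20", 443)}   # Fortinet WAN port forward
ROUTES = {LAN_NET: PFSENSE_WAN}                   # Fortinet static route
RULES = {("tcp", "10.10.10.20", 443)}             # pfSense WAN pass rule

def fortinet(pkt, forwards, routes):
    """Destination NAT on the Fortinet WAN, then a longest-prefix route lookup."""
    target = forwards.get((pkt["proto"], pkt["dport"]))
    if target is None:
        return None, "fortinet: no port forward"
    pkt = dict(pkt, dst=ip.ip_address(target[0]), dport=target[1])
    matches = [(net, hop) for net, hop in routes.items() if pkt["dst"] in net]
    if not matches:
        return None, "fortinet: no route to %s" % pkt["dst"]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return pkt, hop

def pfsense(pkt, next_hop, wan_pass_rules):
    """Routed pfSense with NAT disabled: it filters but never rewrites addresses."""
    if next_hop != PFSENSE_WAN:
        return None, "pfsense: packet never arrives"
    if pkt["dst"] not in LAN_NET:
        return None, "pfsense: destination not on LAN"
    if (pkt["proto"], str(pkt["dst"]), pkt["dport"]) not in wan_pass_rules:
        return None, "pfsense: blocked on WAN (no pass rule)"
    return pkt, "delivered"

def trace(pkt, forwards, routes, wan_pass_rules):
    """Follow one inbound connection through both firewalls; return the outcome."""
    pkt, hop = fortinet(pkt, forwards, routes)
    if pkt is None:
        return hop
    pkt, status = pfsense(pkt, hop, wan_pass_rules)
    if pkt is None:
        return status
    return "%s src=%s dst=%s:%d" % (status, pkt["src"], pkt["dst"], pkt["dport"])

if __name__ == "__main__":
    print(trace(PKT, FORWARDS, {}, RULES))         # static route missing
    print(trace(PKT, FORWARDS, ROUTES, set()))     # pass rule missing
    print(trace(PKT, FORWARDS, ROUTES, RULES))     # both in place
```

Because pfSense does no NAT in this design, the LAN host sees the original client address, so logging and source-based rules on 10.10.10.x keep working as they did before pfSense was inserted.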

        kallegr
        last edited by Nov 26, 2014, 11:04 AM

        Thank you!
