Nating from Wan1 to Wan3

doktornotor

Let me clarify:

So, you have some webserver (???) running on port 8080 which is only accessible via the (unknown flavour of) VPN with RFC1918 (non-public) IP? And you are trying to access that from public IP space via the (at least) triple NAT (modem -> WAN1 -> OpenVPN)?

InserTec

Yes, is correct.

ExternalIp-Modem -> Wan1 -> (Pfsense) -> Wan3 (Cisco) by vpn tunnelled ip nated 192.168.15.1 <-> 10.14.64.33

Thanks very very much for your time.

I attach the rule from lan to 8080 server working ok.-
I need from external ip Wan1 access to this server.-

![Captura de pantalla 2015-06-03 a la(s) 12.18.25.png](/public/imported_attachments/1/Captura de pantalla 2015-06-03 a la(s) 12.18.25.png)
![Captura de pantalla 2015-06-03 a la(s) 12.18.25.png_thumb](/public/imported_attachments/1/Captura de pantalla 2015-06-03 a la(s) 12.18.25.png_thumb)
![Captura de pantalla 2015-06-03 a la(s) 12.18.34.png](/public/imported_attachments/1/Captura de pantalla 2015-06-03 a la(s) 12.18.34.png)
![Captura de pantalla 2015-06-03 a la(s) 12.18.34.png_thumb](/public/imported_attachments/1/Captura de pantalla 2015-06-03 a la(s) 12.18.34.png_thumb)

doktornotor

Can you bridge that modem on WAN1 to get rid of at least one level of NAT?

InserTec

Now is not possible bridge the modem :-[, only i can make a dmz

doktornotor

Is manual NAT (port forward) possible on the modem?
What kind of VPN are you using for the LAN-to-LAN VPN?

I do think this kind of setup is meaningful, or reliable, or anything even remotely close to sane state… Good luck.

InserTec

Yes is posible.
Now i have configurate a dmz to 192.168.2.2, can i disable and make a manual port forward.

doktornotor

What's the VPN?

InserTec

I not understand the question.

The vpn work fine and joins two buildings with other ftth lines.
I only have access to lan of cisco, in 192.168.15.1 as gateway and go correctly to 8080 server in the ip of other building 10.14.64.33.

Sorry my english is horrible and in the vpn im very limited. I only hace access to 192.168.15.x and 192.168.15.1 as gateway to go to the server port 8080.

doktornotor

@InserTec:

I not understand the question.

OpenVPN? IPsec? PPTP? Something else? Or, the VPN is not on pfSense at all?

Well, maybe someone else. There's also Spanish subforum here.

InserTec

Vpn Ipsec and not pfsense is a cisco router 891.
Is connected from lan of cisco to a lan (hardware rj45) in pfsense and i call wan3.

doktornotor

@InserTec:

Is connected from lan of cisco to a lan (hardware rj45) in pfsense and i call wan3.

Calling something WAN when it's in fact NOT a WAN really does NOT help. When you say WAN here -> something usable for generic internet access.

InserTec

please, dont bother with me :'(
Yes, this not is a wan… not resolve internet access only a lan in other building.
Sorry

doktornotor

As hinted above, perhaps posting in the Spanish subforum would get you better understanding…

Provided you can somehow get the traffic across the modem (DMZ, NAT), try with the following NAT rule:

Interface WAN1
Protocol: TCP
Destination: WAN1 Address
Destination port 8080
Redirect Target IP: 10.14.64.33
Redirect target port 8080

Now, you also need a static route set up to 10.14.64.0/24 via the "WAN3".

https://doc.pfsense.org/index.php/Static_Routes

InserTec

Ok Thanks very much doktornotor.

I prepare a post for the spanish forum.

Thanks for your time. :D