2 WAN - 2 LAN - Portforwarding
-
Why don't you simply create a rule on LAN2 to allow the traffic from the Client (LAN2) to the TestServer (LAN1)?
Is it really needed to go over the internet for your testing purposes?BTW: Gateways should be set on the WAN side.
What are your addresses on WAN1 and WAN2? Are these dynamically assigned public addresses from your ISPs? -
For application developement i need a real world scenario, thats the reason why i should go over the internet, if it is possible. But as i said there seems to be a problem with the gateways for each lan.
WAN1 is dynamically set by ISP (Cable conmection), and WAN2 has a Static IP from my ISP (ADSL Connection).
Greetings
-
Here is what I have setup:
Gateways applied on the WAN interfaces, not on the LAN interfaces.
For each firewall rule that I want to go out a specific WAN interface I explicitly set the Gateway on that firewall rule.
Port Forwarding is applied on the WAN interface in question.What you could try is following:
Find your upstream WAN2 gateway from the static ADSL Connection.
On Check System>Routing>Gateways:- Create a WAN2GW gateway with the information retrieved from your ADSL Connection provider. –> this will be used in the rule as Gateway
- Check if you see a WAN1_DHCP entry here which gives you your current WAN1 address. --> This will be used in the rule as the Destination IP
On Firewall>Rules>LAN2 - Create a rule with Source your Client and as Destination your current WAN1 address, In the Extra Options section Advanced select the WAN2GW.
On Firewall>NAT>Port Forward - Create a rule making sure you select as Interface WAN1 and as Destination 'WAN1 address', select your protocol and port options as needed and for 'Redirect target IP' enter the ip of the TestServer.
You should now be able to connect to your TestServer using the Public WAN1 address.
If this works and you need this setup for a longer time you could think of using 'Dynamic DNS' on WAN1 so you don't need to check your WAN1 address and change the rule whenever your Cable connection gets a new address from your ISP.
-
Thank you i will try that tomorrow and report back.
Greetings
-
Ok this works like a charm, thank you very much! But now i have figured out a new Problem:
I have different Portforwardings like in this example:
- Port 80 Forwarded on Interface WAN1 to LAN1
- Port 443 Forwarded on Interface WAN2 to LAN1
Now if my WAN1 Connection goes down, the Portforwarding (Port 443) on Interface WAN2 to LAN1 is not accessible anymore. What could this be?
Greetings
-
Glad you got it working.
Now if my WAN1 Connection goes down, the Portforwarding (Port 443) on Interface WAN2 to LAN1 is not accessible anymore. What could this be?
If you are trying to access it from on of your internal LAN addresses (LAN1 or LAN2) then my guess it that a basic security feature of pfSense is kicking in.
When you try to access your internal server from within your LAN you most likely use the external address. Since WAN1 is down at that moment the packet goes out via WAN2 and gets routed back into WAN2. If this scenario applies to you then it is your basic LAND attack. https://en.wikipedia.org/wiki/LAND
Your server should however still be reachable from outside of your LAN, so from the Internet. -
The Access from within my LAN via the external address is working fine, for that i have set Pure NAT. But when the WAN1 goes down, the Services arent accessible from outside of the LANs, they are completely down.
Greetings
-
Sorry, but this situation puzzles me too.
I tried to reproduce it but when I disable my WAN1 I get the reverse effect. I can no longer access from inside LAN but access from outside (Internet) remains unaffected. Access to WAN2 and any forwarded services that is.I'm afraid I can't assist you with this one :(
-
And there is no solution to solve this reverse effect? Hmm interesting, that you can accessing from outside the LAN, if the WAN1 is down. How do you configured the WAN1 - LAN1 / WAN2 - LAN2 exactly? i think there is something different on my setup.
-
So after i have done a lot of testing, i think i have found the issue, but now i Need help to solve this, because i am not such familiar with pfsense at the Moment.
The Problem, that occurs is the following: if my wan1 goes down, all Clients inside lan2 (which connects over wan2 to the Internet) are not able to go online. As pointed out in my testing, this seems a dns issue, so i have checked the dns Servers, which are assigned from my isp. If i go to Status -> Interfaces, the isp dns Servers from BOTH wan Connections are showed up on my wan1 Interface. my wan2 Interface does not have any dns Servers listed. Now i Need a way to assign the dns Servers from isp1 to my wan1 Connection, and the dns Servers from isp2 to my wan2 Connection, then i think the Connection from lan2 -> wan2 will work correctly, if it can take the assigned dns Server.
But how to do that?
Greetings
-
Andy,
can you tell me exactly how connect LAN1 to WAN1 and LAN2 to WAN2? -
I have added 2 more interfaces, then named them WAN2 and LAN2. On LAN1 i set the default gateway on the Lan Net to all Rule to WAN1. On the LAN2 i set the Lan2 Net to all Rule to WAN2. Is this not the correct way to achieve this seperate LAN-WAN connection?
Greetings
-
Can you tell me step by step how to set on LAN2 the GW of WAN2 an the rule?
-
Yes for sure. Ok i go to:
Firewall -> Rules -> LAN2
and there i edited the "Default allow LAN2 to any Rule" and selected under Advanced Options -> Gateway my WAN2 Gateway.
I have done the same for the LAN1 - WAN1.
Now i go to System -> Routing and unchecked any default Gateways, so no Gateway is set as Default. Thats all what i have done. I think i missed much more Things do to?
Greetings
-
thanks a lot man….its works perfect!!!! :D
what is your problem exactly?
-
No problem:). My issue is, if wan1 goes down (to test i have unplugged the lancable to wan1), lan2 can not resolve any dns names anymore, so no internet access. Can you test this on your setup?
Greetings
-
I cant, cause my server is dedicated visualization.
but you cant. if you connect WAN1 to LAN1 and WAN2 to LAN2, LAN1 can not see the WAN2.maybe you want third WAN (WAN3) as a fail-over for WAN1 and 2
-
No you missunderstood:). I dont want Failover. If WAN1 goes down, then it is ok, that LAN1 is offline! But my Problem is, that if WAN1 goes down, also LAN2 has no Internet Connection, because there seems to be an issue with dns Resolution. If you unplug WAN1 on your pfsense, can you Access the Internet from LAN2?
Greetings
-
is you wan1 checked as default?
in the System/Routing/Gateways -
No i havent set any gateway as default. Do you set a default gateway in your setup?
Greetings