2 routers. Port fwd from R1's WAN to hosts on R2's LAN?
-
I have two sites with a wireless link between them. Each site has its own internet conenction, its own subnet and a PFSense router each. There is a small /29 subnet between the two PFSense devices (Enough for the interface IPs of both routers and management IPs for the wireless devices).
- Everything internal can route fine to everything else internal.
- Each PFSense router has the IP of the other PFSense router specified as a gateway in System > Routing.
- Each PFSense router has a gateway group with its own WAN as Tier 1 and the IP of the other PFSense as Tier 2.
- Failover works perfectly.
- Port forwarding works fine from R1's WAN addresses to R2's LAN hosts only when R2's WAN is down.
Am I correct in saying that reply-to rules are not generated for non-NAT routing and that is my problem? This is my theory on what is happening:
Traffic that applies to the port forward goes in R1's WAN, out R1's interface on the subnet between the routers, in to R2's interface on that subnet, out R2's LAN interface and hits the host. The host attempts to send return traffic, but it hits R2 and R2 sends it out its default gateway (not back the way it came).
Any other ideas and/or workarounds to get port forwarding working from any router to any subnet?
-
If your going to forward traffic in from a different wan than pfsense that is gateway to where your forwarding. Your going to have to source nat traffic so host knows where to send it, or it will just send it to its gateway and its gateway will route it out its gateway.. Why would it route it back to the other pfsense?
-
Why would it route it back to the other pfsense?
Why do firewall rules on normal non-WAN/non-NAT subnets have the following options then:
"Disable reply-to - Disable auto generated reply-to for this rule."
and
"State type" (Default: "Keep")
Doesn't a state with a reply-to mean that it sends return traffic back the way it came?
Is there no way for me to do port forwards from R1's WAN to hosts behind R2, unless R2's WAN goes down then?
-
Does anyone have a way to get traffic to return the way it came in this scenario?
A firewall rule which specifies the source address and port is no good because I need to be able to port forward the same port from either of the two routers.
-
Yes dude source nat it..
How does your client behind R2 know its wan is down.. So its always going to send traffic to its own gateway..
How exactly are you port forwarding via router R2 wan to something behind R1 anyway.. Some sort of failover dns on the internet? How does client on the internet know to go to r2 wan if R1 is down or not down?
Draw up your network please..
