Netgate Discussion Forum

    Routing between 2 pfsense

      VS_IT

      I hope this is in the right location. I'm new to this forum and dealing with multiple location routers.

      We're trying to set up external access to some air conditioners at different branches within a library system. This is the first time we've needed any external traffic to touch multiple branches instead of just one.

      All branches are connected via VPN.

      The first router exists at Branch A.

      This is also the only NAT table which external to internal traffic ever touches (based off a discussion with our ISP).

      The air conditioner at Branch A has an internal IP xx.xx.100.xx

      When a user externally accesses xx.xx.xx.AA, Firewall: NAT: 1:1 handles this relationship (xx.xx.xx.AA ---> xx.xx.100.xx) just fine.

      The second router exists at Branch B.

      The air conditioner is assigned an internal IP xx.xx.120.xx

      We want to assign an external IP address for Branch B's air conditioner as xx.xx.xx.BB

      However, when we set up a NAT: 1:1 rule on Branch A's NAT table for this relationship (xx.xx.xx.BB ---> xx.xx.120.xx), it does not work.

      Is there a way to route this traffic using rules/forwarding/etc.? Or will we need to pay the ISP to allow the NAT table at Branch B to be activated?

        Derelict LAYER 8 Netgate

        Why are you port forwarding if they are connected via VPN?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          VS_IT

          We're not, at least not yet. I just included that in the question based on what I was seeing in the settings options which appeared to assist in changing traffic destinations around.

          Based on your response, it looks like forwarding wouldn't be involved. Please forgive my lack of knowledge as I'm really new at this.

            Derelict LAYER 8 Netgate

            If they are connected via VPN they should probably be speaking with each other directly from private network to private network without any NAT.
