1 Public Static IP for 1 dynamic IP location
-
Looks like I am having a little more trouble on this topic. Port forwarding to servers in Location #2 is working just fine. But I am having difficulties with the webserver. We have a web server in location #2 that needs to be reached with a Public IPv4 in location #1. How can I forward an entire IP to the 2nd location so people can reach the site? As of now I did port forward 80,443 for X.X.X.X to reach the web server on 10.0.0.17/24 in location #2.
Hope the issue is clear.
-
If you don't have multiple addresses at site 1, 1:1 NAT will make everything for that single address go to the NAT address.
If you have multiple addresses to use, use one of them for 1:1 NAT.
What specifically isn't working? Please be specific. List addresses and ports and locations and be specific. Please be specific. Did I say to be specific? Specifically be specific. And complete. Please provide complete and specific information about what is not working.
Completely and specifically.
-
Maybe this attached diagram will help?
I have Site #1 with Public Static IP and #2 with Dynamic WAN IP. I want all incoming traffic to come to Site #1 as that's where the static IPs are. We have Web servers on site #2 that need to be reached by clients. Also got a Linux virtual servers that need to be reached using static IP without any port restriction/forwarding.
The tunnel between the 2 sites is up and running. Email server is reached with no issue. The web servers can also be reached but touch and go. CentOS server is unreachable unless I do port forwarding on Site #1. But I don't want to micromanage that. Users should just access whatever port they need to on the Linux server if I can forward the IP itself.
Basically trying to make Site #2 work as if it was physically located in Site #1. Main problem right now is how can I pass the entire /24 IP block through the tunnel.
-
If you have all those addresses just 1:1 NAT from one of them to the one across OpenVPN. Then pass the traffic you want passed.
-
> If you have all those addresses just 1:1 NAT from one of them to the one across OpenVPN. Then pass the traffic you want passed.
So I have created a 1:1 NAT on pfSense server location #1 for 99.99.99.0/24. Server using OpenVPN tab with rules IPv4 * *. On client OpenVPN rules tab is empty while created an Interface based on openvpn. That also got rule IPv4 * *.
Since Source and Destination is * in the rules, shouldn't things just get passed? You referred to just pass the traffic I need to pass, could you please be kind and give me an example of the rule and where does it need to go in order for the public to reach the webserver through one of the public IPs?
-
Well you can't 1:1 NAT 99.99.99.0/24 to 99.99.99.0/24 nor is there any reason to.
What, exactly, are you looking to do?
If 99.99.99.0/24 is on the interface at site #1 (which would be completely stupid - nobody sane would put a /24 on a WAN interface) then you have to NAT it to something else.
If it is routed to the WAN at Site #1 then just make it (or a subnet of it) a remote network across the OpenVPN and you don't have to NAT at all.
It really depends on what you actually have and what you want to do with it.
-
At location #1 I have a Static 88.88.88.00/28 and Static IPv4 99.99.99.00/24 from ISP. pfsense WAN interface runs on 88.88.88.01/28. 99.99.99.00/24 is being routed to us via a VirtualIP interconnect 88.88.88.04/28.
Location #2 has dynamic IP from ISP. I have few web servers in location #2 with IP:
99.99.99.01/24 = abc.com
99.99.99.02/24 = xyz.com
99.99.99.03/24 = 123.com
Users need to reach abc.com/xyz.com/123.com over internet using their browser. Instead of the web servers being in location#1, they all are in location #2. Right now when somebody tries to reach abc.com or any domains, it times out or gets page not found error.
I do apologize for all these clarifications and taking so much time!
-
> If it is routed to the WAN at Site #1 then just make it (or a subnet of it) a remote network across the OpenVPN and you don't have to NAT at all.
> It really depends on what you actually have and what you want to do with it.
I just reread your post. Yes you are very correct, the 99.99.99.00/24 is being routed to WAN at Site #1.
> then just make it (or a subnet of it) a remote network across the OpenVPN and you don't have to NAT at all.
I do not know how to 'just make a remote network across the OpenVPN mean'. I have a feeling this is where I am stuck.
-
Are the web servers at location #2 actually listening on the 99.99.99.X addresses on their interfaces or do they have some other local interface addresses they are listening on?
Focus on just one. The rest will just be duplication of that.
-
> Are the web servers at location #2 actually listening on the 99.99.99.X addresses on their interfaces or do they have some other local interface addresses they are listening on?
> Focus on just one. The rest will just be duplication of that.
There is an interface in location #2 pfsense with 99.99.99.254/24. Gateways for the web servers are pointed to that.
-
So just add 99.99.99.0/24 as a remote network on the OpenVPN at site 1.
See also all the stuff above about reply-to and assigned interfaces at site 2.
Pass the traffic on site 1 WAN that you want to pass such as tcp source any dest 99.99.99.1 ports 80 and 443
Make sure that traffic DOES NOT MATCH on the OpenVPN tab at site 2. It has to NOT MATCH there and match on the assigned interface tab.
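
Added example, not part of any post in this thread: a simplified Python model of why the last reply insists that the traffic match on the assigned interface tab at site 2 rather than on the OpenVPN tab. It assumes a hypothetical assigned interface name `OVPN_SITE1`, a constructed client address from the documentation range, and that site 2's default route is its own WAN.

```python
import ipaddress

# Simplified model of site 2's firewall (constructed, not pfSense code).
# pfSense evaluates group tabs such as "OpenVPN" before an assigned interface's
# own tab, and only rules on the assigned interface tab add reply-to.
TAB_ORDER = ["OpenVPN", "OVPN_SITE1"]   # OVPN_SITE1: hypothetical assigned interface name
REPLY_TO_TABS = {"OVPN_SITE1"}

def matches(rule, pkt):
    """True when the packet's protocol, destination and port fit the rule."""
    return (rule["proto"] in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])
            and (rule["ports"] is None or pkt["dport"] in rule["ports"]))

def reply_path(rules_by_tab, pkt):
    """Return (matching tab, path the server's reply takes) for a tunnel-delivered packet."""
    for tab in TAB_ORDER:
        for rule in rules_by_tab.get(tab, []):
            if matches(rule, pkt):
                # Without reply-to the reply follows the routing table, assumed
                # here to default to site 2's own WAN with its dynamic address.
                return tab, "tunnel" if tab in REPLY_TO_TABS else "site2_wan"
    return None, "blocked"   # nothing matched: default deny

ANY = {"proto": "any", "dst": "0.0.0.0/0", "ports": None}
WEB = {"proto": "tcp", "dst": "99.99.99.1/32", "ports": {80, 443}}

# Constructed packet: an internet client (documentation range) reaching abc.com.
PKT = {"proto": "tcp", "src": "203.0.113.50", "dst": "99.99.99.1", "dport": 443}

BROKEN = {"OpenVPN": [ANY], "OVPN_SITE1": [WEB]}   # any/any on the group tab wins
FIXED = {"OpenVPN": [], "OVPN_SITE1": [WEB]}       # traffic only matches the assigned tab

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, reply_path(rules, PKT))
```

In the broken case the reply leaves from site 2's dynamic address instead of 99.99.99.1, so the client never sees a matching response and the connection times out.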