General Questions
-
Dude your redirect IP is the wan IP - how do you think that could ever work???
This port forward says hey any traffic that hits 178.8 - send it to 178.8 ;)
If you want traffic that hits 178.8 to be forwarded to something on 192.168.1 then that is what the redirect IP would be!!! 192.168.1.?
Keep in mind that that IP you send it to needs to use pfsense as its gateway to get back to the 192.168.178 network.
With a port forward if you want to get to say 192.168.1.100, then you go to 192.168.178.8 it gets forwarded to 192.168.1.100..
This is a PITA if you have lots of different ports that you want to talk to different devices on 1 with.. If that is the case you want to route and not nat..
-
I made the changes, tested in different configurations in previous days in the following screen and I'm still unable to access from the physical machine that is in the 192.168.178.x to the machines that are in the 192.168.168.x
I don't know what else to do to get this to work.
-
Why did you use WAN net as source? And why the hell did you configure HTTP as source port restriction? Web traffic isn't flowing from port 80 -> port 80 but from any random high port >1023 to port 80 server side. Your source address/port setup is bonkers, that's why it won't match your incoming traffic. Set source to any and source port to any and try again. @johnpoz never wrote anything about setting source restrictions, so why do you come up with that suddenly?
-
@JeGr said in General Questions:
suddenly
Can you please specify in each field what I must choose? Keep in mind that I'm a beginner, as you can see in all the previous conversations.
-
@johnpoz explained it more than once and wrote exactly what you need, but you tend to completely ignore what he writes and throw everything together in chaos.
- NO source address or source port. Choose ANY
- Destination is your WAN ADDRESS, not a network, not LAN it is the IP that you try to access that you want forwarded to your internal host!
- Redirect IP is your internal server/host that you are trying to reach via that WAN IP
- Destination Port and Redirect Port should match your service that you want to access. I assume HTTP (Port 80).
- filter rule assoc.: "add associated firewall rule". Not simply PASS. Let the system add a rule.
- save
- apply
- test
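
An added example, not part of the original posts and not pfSense's own code: a small Python model of how a port forward rule is matched, run against the three rule variants discussed in this thread. The /24 mask, the client address 192.168.178.20, its ephemeral port 51514 and the source settings of the first attempt are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"

@dataclass
class PortForward:
    src: str            # ANY or a CIDR network
    src_port: object    # ANY or a port number
    dst_ip: str         # address the client connects to (the WAN address)
    dst_port: int
    redirect_ip: str    # internal host that should receive the traffic
    redirect_port: int

def mismatches(rule, src_ip, src_port, dst_ip, dst_port):
    """Names of the rule fields this packet fails to match (empty = match)."""
    bad = []
    if rule.src != ANY and ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.src):
        bad.append("source")
    if rule.src_port != ANY and src_port != rule.src_port:
        bad.append("source port")
    if dst_ip != rule.dst_ip:
        bad.append("destination")
    if dst_port != rule.dst_port:
        bad.append("destination port")
    return bad

def translate(rule, src_ip, src_port, dst_ip, dst_port):
    """New (dst_ip, dst_port) after the forward, or None if the rule is skipped."""
    if mismatches(rule, src_ip, src_port, dst_ip, dst_port):
        return None
    return (rule.redirect_ip, rule.redirect_port)

def lint(rule):
    """Flag the two mistakes pointed out in the thread."""
    warnings = []
    if rule.redirect_ip == rule.dst_ip:
        warnings.append("redirect IP is the destination itself")
    if rule.src_port != ANY:
        warnings.append("source port restricted; clients use ephemeral ports")
    return warnings

# Constructed values: /24 WAN net, client address and its ephemeral port.
WAN_IP, HOST = "192.168.178.8", "192.168.1.100"
CLIENT = ("192.168.178.20", 51514, WAN_IP, 80)
first_try = PortForward(ANY, ANY, WAN_IP, 80, WAN_IP, 80)                # redirect = WAN IP
second_try = PortForward("192.168.178.0/24", 80, WAN_IP, 80, HOST, 80)  # WAN net / HTTP source
as_listed = PortForward(ANY, ANY, WAN_IP, 80, HOST, 80)                  # the step list above
```
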
-
What is needed in this case is that any service, program, protocol or anything that is in the network 192.168.178.x is able to communicate with 192.168.1.x, for example RDP, SSH, web interface etc.
Are your previous instructions valid to achieve this, or does it have to be another configuration?
-
I found it finally, here you can find the way I achieved it:
https://community.spiceworks.com/topic/2210103-access-to-same-network-in-different-ip?page=1#entry-8386216
For the next time, keep in mind that we don't come here with an expertise background, the forms that both moderators reply are not the proper way to provide solutions.
Not only is it necessary to have good knowledge, it's also important to be polite.
I wish you the best, and (even if it can sound "weird"), thanks for all.
-
So you enabled outbound NAT on LAN for traffic hitting the port forwards?
If you still had pf enabled you would have to do that to avoid asymmetric routing. You would have seen blocked traffic in the firewall log: https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html
It's a bit of an ugly solution though. It would be better to put those other VMs 'behind' pfSense such that they use the pfSense LAN as their gateway. That avoids the problem.
Steve
-
@thesharkgt said in General Questions:
the forms that both moderators reply are not the proper way to provide solutions.
By the way: After John already explained it in detailed steps, you still choose to ignore all we wrote. I even gave you a step by step list. Never did you come back to that with "that there, #3 did not work" but continued to configure away with other things altogether. So yes, sorry if one can't read your mind and make you do the things, one writes time after time. That's nothing to do with not being friendly, but with giving up if you explain it multiple times and the one on the other side completely ignores all you wrote and does it another way and complains why it won't start working. Really frustrating. Perhaps that's one thing you as the questioner should also keep in mind.
I wish you the best, and (even if it can sound "weird"), thanks for all.
And for you, too!
-
I have no idea what he thinks he's doing.. But it screams complete and utter freaking cluster to me..
I went above and beyond trying to help.. Just at a loss here..
Thread he linked to is pretty much just all gibberish..
Not sure what some pings are supposed to show? Where did you ping 178.1 from? Those are some horrible lan response times for sure..