How to pass a private ip 172.X.X.X in WAN.

krishan

I need to pass or use a Private IP Address 172.X.X.X . So how can i set a rule for this IP address or pass it through Pfsense. I also don't want to disable the Block Bogon Network rule(default).

JKnott

Assuming you've got a real public address on the WAN side, what do you hope to accomplish? That address certainly won't go anywhere. If the WAN side is within one of the RFC 1918 blocks, then you don't want the Bogon filter.

krishan

I am working on openVpn,. and connecing to cloud server 127.x.x.x

JKnott

@krishan said in How to pass a private ip 172.X.X.X in WAN.:

I am working on openVpn,. and connecing to cloud server 127.x.x.x

I hope that's a typo and not 127.x.x.x, as that would really get you nowhere.

That bogon rule shouldn't be on the VPN.

krishan

hahaha typed wrong 172.x.x.x. all i want to access this private network ip through pf sense but as the Bogon filtering rule i am unable to access it. So can you please help me out to make this IP Address Pass through pf sense. I am new to pfsense.

stephenw10

Bogons have nothing to do with private addresses like 172.16/12.

Also the 'Block private networks' option only applies to incoming traffic. It does not block access to a private network from behind pfSense.

And as JKnott said it's usually only on the WAN anyway so if you;re using an OpenVPN tunnel that does not apply at all.

Steve

krishan

complete details : I have two WAN networks interface on LAN.
WAN 1 Public IP 14.x.x.x.x
WAN 2 DHCP 192.168.0.190
LAN 192.168.0.1

Rules
WAN 1 has bogon filter enabled
WAN 2 no rules (empty)
LAN Anti lock-out rule

OpenVpn server in AWS cloud and client side access that all I have.
disabling bogon filter from WAN 1 lets me access the aws server but enabling it cause server IP not found.

krishan

Block private networks and loopback addresses rule is also disabled and enabled with bogon filter*

stephenw10

So it stops the OpenVPN tunnel connecting?

stephenw10

@krishan said in How to pass a private ip 172.X.X.X in WAN.:

WAN 2 DHCP 192.168.0.190
LAN 192.168.0.1

If those are both /24 they are in the same subnet which is not valid.

krishan

LAN is on 24 and WAN is on 32

krishan

can we chat

ljr

@krishan said in How to pass a private ip 172.X.X.X in WAN.:

LAN is on 24 and WAN is on 32

/32 is a subset of /24... There are exactly 256 /32s in a /24 block. Why would your WAN IP be in the same range as your LAN subnet? That is an invalid configuration. Is that assigned to you by your ISP's DHCP server (aka carrier grade NAT) or is it just an IP you pulled out of your arse? If it's the former, change your LAN range. If it's the latter, read a few networking books...