Access device connected to 2nd router behind pfsense
-
My current setup is: Internet --> PFsense(VM)(10.0.0.0) --> Network Switch -->[10.0.0.40] DD-WRT router (192.168.0.0)
The router has a static IP and pfsense is setup to direct all traffic from that router (10.0.0.40) through ExpressVPN.
If I connect to the router I'm connected to the VPN so that's working great. My problem is I can't SSH to a device connected to the router from 10.0.0.0 or my DDNS.
I have DDNS setup (on pfsense) and can SSH to other devices that are on pfsense using it. I would like to use my DDNS to SSH into the device connected the DD-WRT(not using port 22).
Is there a simple solution to my dilemma?
-
I can access 192.168.0.0 from within that network and I can access 10.0.0.0 from 192.168.0.0 but cannot access 192.168.0.0 from 10.0.0.0 or externally.
I tried setting up rules between interfaces and that didn't work either
I have 2 NICS 1-WAN / 1-LAN (each with their own interface) and an OPT1 interface for ExpressVPN
-
@Drunk3nSlang said in Access device connected to 2nd router behind pfsense:
My problem is I can't SSH to a device connected to the router from 10.0.0.0 or my DDNS.
You will need to add a static route on the device in 10.0.0.0 for the network behind the router pointing to 10.0.0.4.
As well you need to add a static route to pfSense to get access from outside.
-
@viragomann could you please elaborate. I've tried every combination I could think of and still can't get it to work.
-
I would expect his dd-wrt is doing NAT... So no he wouldn't need to route.. Only if its just routing and not natting would he need to setup any routing or a gateway.
If that is the case then he is going to run into asymmetrical routing more than likely because his transit this 10.0.0 network has hosts on it.. If you going to use a downstream router then you need a actual transit network.
-
@johnpoz yes I have double Nat. I'm running a skyminer behind the second router and want it to be separate from my home network.
-
And your pfSense has only two network interfaces available and you have no VLAN capable switch?
-
This post is deleted! -
@viragomann said in Access device connected to 2nd router behind pfsense:
And your pfSense has only two network interfaces available and you have no VLAN capable switch?
Yes I wish I would have bought a double nic card. I think I can do VLAN on the ddwrt
-
Well if your doublenatting to get to stuff behind the dd-wrt you would need to setup port forwarding on the dd-wrt and hit the wan IP of dd-wrt to get forwarded.. There is zero to do on pfsense for such a setup to work.
-
@johnpoz I tried that. My problem is I have pfsense tunneling the static IP of the ddwrt through expressvpn. Port forwarding works as long as I'm not tunneling. Maybe the VPN is enough to isolate skyminer traffic from my home network and I can just use the ddwrt as a switch?
The skyminer acts as it's own VPN that ppl can tunnel through so I need to tunnel its traffic so it's not coming from my ip
-
@johnpoz FML thanks for your help. I didn't click the enable check box on the port forward on the wrt.