Netgate Discussion Forum

    Access from external LAN Router

    Routing and Multi WAN
    8 Posts 3 Posters 642 Views
    • D
      dcuadrados
      last edited by

      Good afternoon, and thanks in advance. Let me tell you what is happening to me, for which I cannot find the solution. I have a MacroLAN network that joins 4 locations of a client, with the ranges 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 and 192.168.5.0/24.

      In the main headquarters, 192.168.4.0/24, I have a pfSense mounted, with the IP 192.168.1.0/24. The problem is that I cannot access that router because they do not let me manage it. Then I find the following: if I access network 1 from my network, any of the others works without problems, but if I try to access network 1 from networks 2, 3, 4 or 5, it does not change. What rule should I create to allow those networks to access my main network 1?

      • V
        viragomann @dcuadrados
        last edited by

        @dcuadrados said in Access from external LAN Router:

        If I access network 1 from my network

        What is "network 1"?
        And what is "my network"?

        • D
          dcuadrados @viragomann
          last edited by

          @viragomann Sorry, the router network where I have the pfSense is 192.168.5.1/24, and the networks 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24 are external networks, but they are connected to each other by the phone company.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @viragomann
            last edited by

            Yeah, not clear as to what exactly the problem is?

            Is it that you cannot access this network behind pfsense from any other network? But you don't manage the pfsense.. So not sure how you expect pfsense to fix that if you cannot manage pfsense?

            These other sites do not have pfsense? And network 192.168.2 can access 192.168.3 for example?

            A drawing would help.. So are these sites wan all sharing a common wan network and full routing mesh? What exactly is doing the routing..

            Or is your problem you have 192.168.1 on pfsense and you can not access some other 192.168.1 network?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • D
              dcuadrados @johnpoz
              last edited by

              @johnpoz Good afternoon. I manage the pfSense on the 192.168.1.1 network, which is the LAN part of the pfSense. The network that gives me access to the internet is 192.168.5.1, which is the company's router; this is the main headquarters of the company.

              From the 192.168.1.1 network, which is the one that I manage and where I have the pfSense, I can access and see the other networks, but from the other networks, which only have a router, I am not able to reach the 192.168.1.0/24 network.

              • johnpozJ
                johnpoz LAYER 8 Global Moderator @dcuadrados
                last edited by johnpoz

                @dcuadrados said in Access from external LAN Router:

                I am not able to reach the 192.168.1.0/24 network

                So these other sites can not access network behind pfsense? Well you would have to allow that.

                So all of these sites are not natting.. Out of the box pfsense would nat..

                A drawing would be very helpful. But if your only gateway is to your HQ via a 192.168.5 network.. I would take it you do not nat and all the routing is done at HQ between all the other sites. So turn off natting at pfsense and allow on your wan these other networks to your lan on your wan rules. You will also need to turn off the rfc1918 blocking default rule on the wan.

                You really need to provide a drawing if you want any real help. We are just guessing at this point as to how you're actually set up. You say that HQ is 192.168.4 and then you mention 192.168.5 is how you get to HQ..

                Sounds to me like you added a pfsense to your site, and it's natting and has what your old network was on its wan.. So yeah, sites are not going to be able to get to you.. You really need to work with your company IT team to add a firewall at your site.


                D 1 Reply Last reply Reply Quote 0
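The rule-order effect behind the advice in the reply above (turn off the default RFC 1918 block on the WAN, then allow the other sites' networks to the LAN), as an added example that is not part of any post in this thread. It is a simplified first-match model, not pfSense code; the addresses come from the thread, the function names are hypothetical, and NAT and upstream routing are not modeled.

```python
import ipaddress

# Addresses as described in the thread (treated here as assumptions).
LAN = ipaddress.ip_network("192.168.1.0/24")  # network behind pfSense
SITES = [ipaddress.ip_network(n) for n in
         ("192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24")]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def wan_rules(block_private, allow_sites):
    """Ordered WAN rule list of (action, source nets, destination net).

    The private-network block sits above the user rules, so it is
    evaluated first. A destination of None means "any".
    """
    rules = []
    if block_private:
        rules.append(("block", RFC1918, None))
    if allow_sites:
        # Least privilege: only the known site networks, only to the LAN.
        rules.append(("pass", SITES, LAN))
    rules.append(("block", ANY, None))  # implicit default deny
    return rules


def evaluate(rules, src, dst):
    """Return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, sources, dest in rules:
        if any(s in net for net in sources) and (dest is None or d in dest):
            return action
    return "block"


if __name__ == "__main__":
    # Constructed sample flow: a host at another site to a LAN host.
    flow = ("192.168.2.10", "192.168.1.20")
    for bp, allow in ((True, False), (True, True), (False, True)):
        verdict = evaluate(wan_rules(bp, allow), *flow)
        print(f"block_private={bp} allow_sites={allow}: {verdict}")
```

Adding the pass rule while the private-network block is still enabled changes nothing, because the block matches first.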
                • D
                  dcuadrados @johnpoz
                  last edited by

                  @johnpoz Here is the diagram:

                  Captura de pantalla 2021-06-16 a las 17.02.01.png

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @dcuadrados
                    last edited by

                    Ok that is a start. So you have a vpn to 192.168.4? You have another connection in this 192.168.4 network along with your wan?

                    You are just routing without vpn at 192.168.4 router to 192.168.1? via this public IP? And this 192.168.4 network also has a wan IP in this /29 public network?

                    I REALLY suggest you get with your company IT dept about adding a firewall to your site, especially since it seems they don't even allow you access to your site's router?

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.