Cannot Access Servers behind WAN1 from WAN2 LAN network



  • Hi List,
    I have public servers (web, email server) running behind my WAN1 and I have another network behind WAN2. My problem is that my users on the LAN of WAN2 cannot access my public servers on WAN1. What do you think is the issue? Sorry, I'm a newbie with pfSense.

    Thanks,
    Malvin


  • LAYER 8 Global Moderator

    What are you wanting to happen? How do you have these WANs set up for your different LANs? Are you setting a gateway forcing them out a specific WAN?

    So you want, say, WAN2 LAN to go all the way out to WAN2 internet, across the internet, and then in WAN1 to get to your servers?

    Why do you not just let WAN2 LAN talk to WAN1 LAN directly through pfSense using RFC 1918 addresses?



  • Well, I just want my WAN2 network to be able to access my public servers on WAN1. WAN2 is actually used for WiFi connection only and it does not have access to the WAN1 LAN.

    Can you show me how I'm gonna solve this. Thanks.



  • @mrito:

    Well, I just want my WAN2 network to be able to access my public servers on WAN1. WAN2 is actually used for WiFi connection only and it does not have access to the WAN1 LAN.

    Can you show me how I'm gonna solve this. Thanks.

    If your public servers sit behind WAN1, I'd be inclined to treat the connection between your Wifi and public networks as a LAN-2-DMZ relationship. Set up rules to allow selective services through from your Wifi directly to the Public Servers area and access the servers directly that way rather than routing out and back in again.


  • LAYER 8 Global Moderator

    ^ exactly!!!  There is no point to routing out just to come back in.  Clearly you want your WiFi to have access, so just set up a rule on your WiFi to allow the access you want into your WAN1 LAN from the IPs on the WiFi you want to allow access.

    Post up your WAN 1 and 2 LAN rules.  I am guessing you have specific gateways on the rules to force them out a specific WAN. You're going to need to create rules to allow the access you want.  If you don't want any WAN1 LAN to initiate traffic to WAN2 LAN then you don't need rules there, but if you want WAN2 LAN to start a conversation to WAN1 LAN then you would need rules above the rule that forces a gateway to allow the connection.

    This also means you're not natting between your LANs - if you went out you would NAT out, and then would just have to NAT to get back in. Does not seem efficient to me ;)



  • See attached screenshots.

    My LAN subnet is 172.16.9.0 - WAN1 Local Network
    My DSL_LAN subnet is 172.16.20.0 - WAN2 Local Network (This is already the LAN for WiFi Users)
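
The rule ordering discussed in this thread, as a small first-match model added here as an example (not posted by any participant, and not pfSense's own code). The /24 masks, the server address 172.16.9.10, the ports and the gateway name WAN2_GW are assumptions; only the two subnet addresses come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subnets from the thread; the /24 masks are an assumption (none is given).
LAN = ipaddress.ip_network("172.16.9.0/24")       # WAN1 local network (servers)
DSL_LAN = ipaddress.ip_network("172.16.20.0/24")  # WAN2 local network (WiFi)
ANY = ipaddress.ip_network("0.0.0.0/0")
SERVER = "172.16.9.10"                            # hypothetical server address

@dataclass
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: Optional[frozenset]  # None means any port
    gateway: Optional[str]      # None means follow the routing table
    label: str

def evaluate(rules, src, dst, port):
    """Rules on one interface, top to bottom: the first match decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and (r.ports is None or port in r.ports):
            # A rule with a gateway set policy-routes the packet out that
            # gateway, even when the destination is a local subnet.
            return f"forced out {r.gateway}" if r.gateway else "routed directly"
    return "blocked"  # nothing matched: default deny

# Constructed rules for the DSL_LAN (WiFi) interface.
POLICY = Rule(DSL_LAN, ANY, None, "WAN2_GW", "WiFi to internet via WAN2")
ALLOW = Rule(DSL_LAN, LAN, frozenset({25, 443}), None, "WiFi to public servers")

BEFORE = [POLICY]         # only the gateway-forcing rule
AFTER = [ALLOW, POLICY]   # allow rule placed above it
WRONG = [POLICY, ALLOW]   # allow rule below it is never reached

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER), ("wrong", WRONG)):
        print(name, "->", evaluate(rules, "172.16.20.50", SERVER, 443))
```

Ports not listed in the allow rule (SSH to the server, for example) still fall through to the gateway rule and leave via WAN2, so only the selected services reach the servers directly.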






