No SSH Access from extern to 172.16.x.x via 192.168.x.x
-
Hello,
I'm having trouble configuring one of my VMs in a different private network than the pfSense and "main" LAN network.
So, what I have:
2 Public IPv4 Addresses:
- 37.52.54.*
- 52.82.11.*
WAN 192.168.1.1 (Default GW)
LAN VMs 192.168.1.1 - 192.168.1.10 etc…
LAN2 VMs 172.16.1.x - 172.16.1.x etc...
Here, everything is fine for 192.168.1.* over the public 37.52.54.* inbound and outbound, port forwarding etc. is working great.
Now the tricky part. All the VMs with 172.16.1.x IPs should go over the public 52.82.11.*
What I have done now:
Creating a 1:1 NAT to say, move everything from source WAN to LAN2 (172.16.1.x).
Creating a NAT to say, from any to 172.16.1.x from 22 to 22.
None of this helps.
I think I have a general problem understanding how 1:1 NAT works. I think in general it's more intelligent to filter already on the WAN interface so that only port 22 is passed, instead of forwarding everything (1:1) to the 172.16.1.x and forbidding everything else.
Thank you for reading, I hope you guys can help me :)
I really love pfsense.
-
Unless you made a typo, you are showing your WAN and LAN on the same network (192.168.1.0). They need to be on different subnets, so even though it appears to be working you really should change LAN to 192.168.2.0. Fix that first and then try your test again.
-
Same problem. I think I'm doing something wrong.
Is it useful to create a second WAN interface for the other IPv4 address on the other private network? It's highly important that 192.168.. can't speak with 172.16.. Or what's the best practice way?
-
Use Virtual IPs. Get your network right first and then start creating your NAT using the virtual IP.
-
Same problem, I can ping the public IPv4 address, but no traffic is reaching the hosts.
Mhm…now I have tried a different way. I have added a second WAN interface and gave it the second public IPv4 address. But in the selection of the upstream gateway I am not able to set the "default" gateway from WAN1, so the IP is in use, I think this is made by design and correct.
But...what now?
I just want to add some more services which should be available on different IPv4 addresses, so that every VM has its own public IPv4 :-(
-
Ok, let's clear up some info here.
So you're saying you have two disjointed IP addresses
2 Public IPv4 Addresses:
- 37.52.54.*
- 52.82.11.*
And they point to the same gateway IP? That's not really correct, but ok - is that the case? So your ISP is running multiple layer 3 over the same layer 2? Such a bad idea to be honest..
But you can for sure create a new WAN with this other IP and point it to the same gateway that is out of its network.. Just need to check it off..
-
Okay.
My ISP is OVH. The gateway in their infrastructure is even in another network, yep. But I don't know how their infrastructure really works. I'm running an ESXi (6.x) below.
I have changed the network adapter type from e1000 to vmxnet3 in the past days. Maybe something was broken by doing this.
I will check the configuration and will reply in the next days.
Thank you so much for helping me. :)