Access to CCTV with different lan interfaces
Good afternoon to the Forum friends.
I already searched the internet and even the forum and I could not solve my doubt that I believe to be basic and decided to cry out for help here, lol …
I have a pfsense with 4 interfaces
LanDevices --- 192.168.35.1
LanCorp --- 18.104.22.168
Each lan interface is connected to a different switch. So I split the networks and the only connection between them is via router (pfsense)
However, there was a need to visualize the lanDevices interface cameras through the lanCorp interface. The ips drip, but the doors are locked. I've tried to release it in several possible ways, but I believe I'm doing the wrong thing. And I think it's the same principle, but I have the same problem with the clock and the digital PABX, both connected on different interfaces and I can not connect to them.
Someone could throw a light on me in this situation.
Thank you all right away ....
What firewall rules do you have on both LAN interfaces?
Now nothing. I erase all configuration and only rest Nat working
If you have the default "pass all" rule on LAN then devices on LAN will be able to reach devices on the other "LAN2".
e.g. if LanCorp is the interface with the "pass all" rule, then device on LanCorp can reach devices in LanDevices.
a) You can just add a rule at the top of LanCorp to pass source LanCorpNet, destination LanDevicesNet - that will make sure that this traffic passes.
b) If you want to access LanDevices by name (rather than directly using their IP addresses) then you will need some DNS that know the names. e.g. you can make each device have a fixed IP address (in the device itself, or a static mapping in the pfSense DHCP server) and add a host override in pfSense DNS server.
c) In order to know how to reply, each device needs to have a default route (gateway) back to the pfSense LanDevices IP address. That way the device will send a response back and pfSense can deliver it to the LanCorp client.
Thanks for the reply, but unfortunately it does not work.
I got some printscreen attached for you.
Even in another interface this rule does not work….. in the top also no
The rule must go on the interface where the first traffic is initiated. So you need to put a Pass rule on CENTRALLAN with source CENTRALLANnet, destination DEVICESLAN and do not put any gateway. Traffic commencing from some CENTRALLAN device to access a camera on DEVICESLAN will be passed, and so will the reply traffic from the camera (automagically).
The rule on CENTRALLAN must go before any rule(s) that direct other traffic to some gateway or gateway group. You do not want the local traffic to be forced out a WAN.
f you want to also do the reverse - a camera on DEVICESLAN to initiate a connection back to CENTRALLAN, then you have to put a similar rule on DEVICESLAN, source DEVICESLANnet, destination CENTRALLANnet. And put that rule before the rules that have a gateway or gateway group.
;D ;D ;D ;D ;D ;D ;D ;D ;D
Thanks God for your life…..
rather than set for all devicesLan I've got to a single host and it works perfect man... so now, i have to do many entrys here for other hosts...
thank yoy very much...