Port Forwarding / NAT / Routing Problem

Firewalling
Log in to reply
  • E

    Hello,

    I'm trying for 3 weeks getting my configuration running, without any success. I hope anyone of you guys can help me.
    My problem is to get running additional ip adresses, so my plan is to give every virtual machine a different ip address (OVH Failover IP)

    My Equipment:

    ISP: OVH
    Hypervisor: ESXi 6.0
    Hypervisor IP: 32.37.68.58

    WAN

    • IPv4 Configuration Type: Static

    • IPv4 Address: 5.196.111.243

    • IPv4 Upstream Gateway: 32.37.68.254 /24

    LAN

    • IPv4 Configuration Type: Static

    • IPv4 Address:172.16.0.1 /24

    • IPv4 Upstream Gateway: None

    WAN2

    • IPv4 Configuration Type: Static

    • IPv4 Address: 193.42.21.183

    • IPv4 Upstream Gateway: 193.42.21.254 /24 (1.) Is this correct? I have choosen this because I can't select the same upstream gateway from WAN1)

    LAN2

    • IPv4 Configuration Type: Static

    • IPv4 Address:172.16.2.1 /24

    • IPv4 Upstream Gateway: None

    pfsense -> Gateways Settings:

    GW_WAN 32.37.68.254        32.37.68.254 Online
    GW_WAN2 193.42.21.254    193.42.21.254 Offline (2.) Why this one is colored offline?)

    #1 Firewall Rule:

    Action: Pass
    Interface: WAN2
    Address Family: IPv4
    Protocol: TCP
    Source: Any
    Destination: Single host or alias -> 193.42.21.183
    Destination Port Range: from: SSH(22) to: SSH(22)

    #2 Firewall Rule:

    Action: Pass
    Interface: LAN2
    Address Family: IPv4
    Protocol: any
    Source: LAN2 net
    Destination: any
    Advanced Options: Gateway: GW_WAN2 193.42.21.254

    I want to SSH to a VM in 172.16.2.2 (which is in the LAN2)
    It looks like, the traffic goes to 172.16.2.2, but the pfsense can't send it to the source address.

    What I have tried and worked is the following rule:

    #3 Firewall Rule:

    Action: Pass
    Interface: WAN2
    Address Family: IPv4
    Protocol: TCP
    Source: any
    Destination: Single host or alias -> 193.42.21.183
    Destination Port Range: from: HTTPS(443) to: HTTPS(443)

    With this rule, I am able to get a webpage (pfsense login, thats not what I want, but here I can see that anything happened in the background).

    I am really frustrated wasting so much time without any solution. Did I have to uses outbound NAT or something? What is my problem? :(
    Thank you so much for reading this!

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy