Port Forwarding / NAT / Routing Problem
    Hello,

    I have been trying for 3 weeks to get my configuration running, without any success. I hope one of you guys can help me.
    My problem is getting additional IP addresses running, so my plan is to give every virtual machine a different IP address (OVH Failover IP).

    My Equipment:

    ISP: OVH
    Hypervisor: ESXi 6.0
    Hypervisor IP: 32.37.68.58

    WAN

    • IPv4 Configuration Type: Static

    • IPv4 Address: 5.196.111.243

    • IPv4 Upstream Gateway: 32.37.68.254 /24

    LAN

    • IPv4 Configuration Type: Static

    • IPv4 Address: 172.16.0.1 /24

    • IPv4 Upstream Gateway: None

    WAN2

    • IPv4 Configuration Type: Static

    • IPv4 Address: 193.42.21.183

    • IPv4 Upstream Gateway: 193.42.21.254 /24 (1. Is this correct? I chose this because I can't select the same upstream gateway as WAN1.)

    LAN2

    • IPv4 Configuration Type: Static

    • IPv4 Address: 172.16.2.1 /24

    • IPv4 Upstream Gateway: None

    pfsense -> Gateways Settings:

    GW_WAN  32.37.68.254     32.37.68.254    Online
    GW_WAN2 193.42.21.254    193.42.21.254   Offline (2. Why is this one colored offline?)

    #1 Firewall Rule:

    Action: Pass
    Interface: WAN2
    Address Family: IPv4
    Protocol: TCP
    Source: Any
    Destination: Single host or alias -> 193.42.21.183
    Destination Port Range: from: SSH(22) to: SSH(22)

    #2 Firewall Rule:

    Action: Pass
    Interface: LAN2
    Address Family: IPv4
    Protocol: any
    Source: LAN2 net
    Destination: any
    Advanced Options: Gateway: GW_WAN2 193.42.21.254

    I want to SSH to a VM at 172.16.2.2 (which is in LAN2).
    It looks like the traffic reaches 172.16.2.2, but pfSense can't send it back to the source address.

    What I have tried, and what worked, is the following rule:

    #3 Firewall Rule:

    Action: Pass
    Interface: WAN2
    Address Family: IPv4
    Protocol: TCP
    Source: any
    Destination: Single host or alias -> 193.42.21.183
    Destination Port Range: from: HTTPS(443) to: HTTPS(443)

    With this rule, I am able to get a web page (the pfSense login, which is not what I want, but here I can see that something happened in the background).

    I am really frustrated wasting so much time without any solution. Do I have to use outbound NAT or something? What is my problem? :(
    Thank you so much for reading this!

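Added example, not part of the original post: the pf ruleset pfSense would have to generate for the setup described above, written as a hand-edited pf.conf fragment so the four moving parts (port forward, reply routing, outbound NAT, policy routing) are visible in one place instead of spread over several GUI pages. The addresses are the ones from the post; the interface names (vmx1 for WAN2, vmx3 for LAN2) and the gateway used for WAN2 are assumptions. Note that pfSense regenerates its own ruleset in /tmp/rules.debug, so this is for reading and comparing, not for pasting in.

```pf
# Added example (not from the original post): pf.conf equivalent of the rules the
# post's scenario needs. Interface names and the WAN2 gateway are assumptions.
wan2_if  = "vmx1"            # assumption: pfSense interface bound to WAN2
lan2_if  = "vmx3"            # assumption: pfSense interface bound to LAN2
wan2_ip  = "193.42.21.183"
wan2_gw  = "193.42.21.254"   # assumption: whichever gateway WAN2 is actually reachable through
vm_ssh   = "172.16.2.2"
lan2_net = "172.16.2.0/24"

# 1. Port forward (pfSense: Firewall > NAT > Port Forward). A plain pass rule on
#    WAN2 for port 22 only admits packets addressed to the firewall itself; the
#    rdr rewrites the destination to the VM before the packet is routed.
rdr on $wan2_if inet proto tcp from any to $wan2_ip port 22 -> $vm_ssh port 22

# 2. Reply routing. The matching filter rule is evaluated after the rdr, so it
#    must name the VM, not the public address. reply-to pins the return traffic
#    of this state to WAN2's gateway instead of the default gateway on WAN.
#    (pfSense adds reply-to itself when the interface has a gateway configured.)
pass in quick on $wan2_if reply-to ( $wan2_if $wan2_gw ) inet proto tcp \
    from any to $vm_ssh port 22 flags S/SA keep state

# 3. Outbound NAT (Firewall > NAT > Outbound, hybrid or manual mode) so that
#    connections the VM opens itself leave WAN2 with WAN2's address as source.
nat on $wan2_if inet from $lan2_net to any -> $wan2_ip

# 4. Policy routing for LAN2, the pf form of "Advanced Options: Gateway: GW_WAN2"
#    on the post's rule #2: LAN2 traffic is sent out via WAN2's gateway.
pass in quick on $lan2_if route-to ( $wan2_if $wan2_gw ) inet \
    from $lan2_net to any keep state
```

Two checks on the firewall's shell make the difference between "rule passes" and "connection works" visible: `pfctl -s nat` lists whether an rdr for port 22 exists at all, and `pfctl -s rules | grep 172.16.2.2` shows whether the filter rule carries the reply-to. While an SSH attempt is running, `pfctl -ss | grep 172.16.2.2` shows the state, and `tcpdump -ni vmx3 port 22` shows whether the SYN reaches LAN2 and whether the SYN/ACK comes back. One caveat that matters for the gateway marked Offline in the post: by default pfSense omits the gateway from a rule whose gateway is down (System > Advanced > Miscellaneous, "Skip rules when gateway is down" changes this), so a rule written with GW_WAN2 may in fact be loaded without any route-to at all, and `pfctl -s rules` is the place to see what was really loaded.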