NAT Pain (Multiple PfSense, Virtual And Physical Networks)
-
Hey all,
I'm having trouble getting my solution to work. Basically I'm trying to set up a 1:1 NAT from two different networks (one is my LAN, and another is a LAN behind another pfSense machine - see diagram): https://s27.postimg.org/4ahyyzn2b/network.png
I basically need to be able to go from Server A (192.168.1.131) to Server B (10.0.2.5) and any other server on the NAT network (10.0.2.1/24) using a variety of different ports (HTTP/HTTPS/UDP ports, TCP ports, etc).
The connection kind of works going out from Server B to Server A, but I am experiencing packet loss when the connection is initiated from Server A to Server B in the opposite direction.
The virtual pfSense server has the WAN set to the 192.168.1.130 port and LAN set to the 10.0.2.1 port.
I've tried the following:
Configuring a VIP on the virtual pfSense server and setting up 1:1 NAT
Removing the default restrictive WAN rules on the virtual pfSense machine (RFC rule etc)
Setting up a gateway/static route on the physical network for 10.0.2.0/24 via 192.168.128.130
Various other firewall rules to no avail.
Any help setting this up would be appreciated!
-
There should be no NAT config required. This should just work with basic routing, assuming your firewall rules are good. Post both firewall rules for the WAN & LAN interfaces, then blow away any weird NATs you may have created and start fresh.