LAN -> LAN port forwarding



  • Hi folks!
    First post here - this is a fairly easy problem I'm having but I would like advice on this:
    My environment looks like this

    |=| ISP -> Router 192.168.1.1 -> (int0: 192.168.1.47) PFSense (int1: 10.10.1.254) -> Web Server (10.10.1.10)

    My PFSense has 2 interfaces -
    Int0 resides in the LAN
    Int1 resides behind a DMZ and the network cannot be accessed from the LAN

    If I want to access the webserver (10.10.1.10) from the LAN (192.168.1.0/24), I thought enabling port forwarding on PFSense would be the right approach. This is how I set up my port forwarding rule:
    Interface: LAN
    Protocol: TCP/UDP
    Source Addr/Ports: any/any
    Dest Address: 192.168.1.100
    Dest Port: 1337
    NAT IP: 10.10.1.10
    NAT Port: 80

    PFSense surprisingly enabled a firewall rule on my LAN interface automatically, and I set a rule to allow all traffic from any source IP from the WebServer Interface (Int1).

    However, all LAN devices are assigned 192.168.1.1 as default gateway. From what I understand, the router would not be aware of PFSense's port forward rule so it would drop requests. Should I set a static route on the router for 192.168.1.100 to 192.168.1.47?

    Thoughts?



  • With the port forwarding you have set up, the webserver should be accessible from LAN by using 192.168.1.100:1337. No route will be necessary for this.



  • Thanks viragomann,
    I tried using Wireshark to track where my packets are going. PFSense fails to respond to my ARP requests for some reason. I want to show you my port forwarding configs - I can't tell what I'm doing wrong. I even tried changing the default gateway to PFSense's IP address (192.168.1.47), hoping that PFSense had maintained a route or state for that address, but it failed to respond to ARPs.




  • Since your WAN interface is in a private network range, check if you have deactivated the "Block private networks" option in the WAN interface settings.

