LAN - > LAN port forwarding
-
Hi folks!
First post here - this is a fairly easy problem I'm having but I would like advice on this:
My environment looks like this|=| ISP - > Router 192.168.1.1 -> (int0: 192.168.1.47) PFSense (int1:10.10.1.254) -> Web Server (10.10.1.10)
My PFSense has 2 interfaces -
Int0 resides in the LAN
Int1 resides behind a DMZ and the network cannot be accessed from the LANIf I want to access the webserver(10.10.1.10) from the LAN (192.168.1.0/24), I thought enabling portforwarding on PFSense would be the right approach. This is how I set up my port forwarding rule:
Interface: LAN
Protocol: TCP/UDP
Source Addr/Ports: any/any
Dest Address: 192.168.1.100
Dest Port: 1337
NAT IP: 10.10.1.10
NAT Port: 80PFSense surprisngly enabled a firewall rule on my LAN interface automatically, and I set a rule to allow all traffic from any source IP from the WebServer Interface (Int1)
However, all LAN devices are assigned 192.168.1.1 as default gateway. From what I understand, the router would not be aware of PFSense's portforward rule so it would drop requests. Should I set a static route on the router for 192.168.1.100 to 192.168.1.47?
Thoughts?
-
With the port forwarding you have set up the webserver should be accessible from LAN by using 192.168.1.100:1337. There will no route be necessary for this.
-
Thanks viragomann,
I tried using wireshark to track where my packets are going. PFSense fails to respond to my ARP requests for some reason. I want to show you my port forwarding configs - I can't tell what I'm doing wrong. I even tried changing the default gateway to PFSense's IP address (192.168.1.47), hoping that PFSense had maintained a route or state for that address, but failed to respond to ARPs.
-
Since your WAN interface is in a private network range, check if you have deactivated the "Block private networks" option in the WAN interface settings?