    LAN - > LAN port forwarding

    • C
      cysk92 last edited by

      Hi folks!
      First post here - this is a fairly easy problem I'm having but I would like advice on this:
      My environment looks like this

      |=| ISP - > Router 192.168.1.1 -> (int0: 192.168.1.47) PFSense  (int1:10.10.1.254) -> Web Server (10.10.1.10)

      My PFSense has 2 interfaces -
      Int0 resides in the LAN
      Int1 resides behind a DMZ and the network cannot be accessed from the LAN

      If I want to access the webserver(10.10.1.10) from the LAN (192.168.1.0/24), I thought enabling portforwarding on PFSense would be the right approach. This is how I set up my port forwarding rule:
      Interface: LAN
      Protocol: TCP/UDP
      Source Addr/Ports: any/any
      Dest Address: 192.168.1.100
      Dest Port: 1337
      NAT IP: 10.10.1.10
      NAT Port: 80

      PFSense surprisingly enabled a firewall rule on my LAN interface automatically, and I set a rule to allow all traffic from any source IP from the WebServer Interface (Int1).

      However, all LAN devices are assigned 192.168.1.1 as default gateway. From what I understand, the router would not be aware of PFSense's portforward rule so it would drop requests. Should I set a static route on the router for 192.168.1.100 to 192.168.1.47?

      Thoughts?

      • V
        viragomann last edited by

        With the port forwarding you have set up, the webserver should be accessible from LAN by using 192.168.1.100:1337. No route will be necessary for this.

        • C
          cysk92 last edited by

          Thanks viragomann,
          I tried using wireshark to track where my packets are going. PFSense fails to respond to my ARP requests for some reason. I want to show you my port forwarding configs - I can't tell what I'm doing wrong. I even tried changing the default gateway to PFSense's IP address (192.168.1.47), hoping that PFSense had maintained a route or state for that address, but failed to respond to ARPs.


          • V
            viragomann last edited by

            Since your WAN interface is in a private network range, check if you have deactivated the "Block private networks" option in the WAN interface settings.
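
Added example, not written by either poster and not pfSense code: a Python check run over the settings quoted in this thread. It assumes the client network is 192.168.1.0/24 as stated, that a firewall answers ARP only for addresses it holds on that segment (its interface address or a configured virtual IP), and that "Block private networks" drops RFC 1918 sources; the function, field and parameter names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges (assumption of this example: these are what the
# "Block private networks" option matches as source addresses).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Port forward exactly as posted in the thread.
THREAD_FORWARD = {"dest_addr": "192.168.1.100", "dest_port": 1337,
                  "nat_ip": "10.10.1.10", "nat_port": 80}


def review_port_forward(fwd, iface_addr, virtual_ips=(), block_private=True,
                        client_net="192.168.1.0/24"):
    """Return findings for one port forward on the interface facing the clients."""
    findings = []
    iface = ipaddress.ip_interface(iface_addr)
    dest = ipaddress.ip_address(fwd["dest_addr"])
    # Addresses the firewall holds on this segment and will answer ARP for.
    owned = {iface.ip} | {ipaddress.ip_address(v) for v in virtual_ips}

    if dest not in owned:
        if dest in iface.network:
            # Clients treat the address as on-link and ARP for it directly.
            findings.append(f"{dest} is on-link but not held by the firewall: "
                            "ARP requests for it get no reply")
        else:
            # Off-link destinations go to the default gateway instead.
            findings.append(f"{dest} is off-link: clients need a route "
                            f"via {iface.ip}")

    clients = ipaddress.ip_network(client_net)
    if block_private and any(clients.subnet_of(n) for n in RFC1918):
        findings.append(f"sources in {clients} are dropped while "
                        "'Block private networks' is enabled")
    return findings


if __name__ == "__main__":
    # Interface address from the thread (int0), /24 taken from the stated LAN.
    for line in review_port_forward(THREAD_FORWARD, "192.168.1.47/24"):
        print("-", line)
```
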
