2WAN-2LAN All Wans Have Identical Setup, Lans Identical Setup, ONLY 1 LAN WORKS



  • Hi.

    SETUP:
      I have pfSense box set up with 2 WAN and 2 LAN interfaces.

    One node has 2 LAN connection each coming from different LAN interface:
        Lan1 is setup with 192.168.2.xx internal IPs
        Lan2 is setup with 192.168.3.xxx internal IPs

    NAT 1:1 binds public IP xx.xx.xx.165 to 192.168.2.50
      NAT 1:1 binds public IP xx.xx.xx.197 to 192.168.3.50

    Firewall rule allows ssh,http to both 192.168.2.50 and 192.168.3.50

    What works:
      Almost everything:  WAN1, WAN2 have connections ping and can access.

    Issue:
      I can ssh from psSense box to both 192.168.2.50 and 192.168.3.50  (confirms recipient box is up on both lans).
      but I can only ssh to 192.168.2.50 from outside word and CANNOT CONNECT TO second connection 192.168.3.50

    Attached are the NAT set up and Firewall Rules I have set. 
    EVEYTHING is good on LAN 1, but when LAN1 is disabled (or without disabling) I cannot access node  connected to LAN2 (it’s the same node as LAN1 is connecting without issue)

    I confirmed I can connect to the node from LAN1 and LAN2 from pfSense box itself, but not from behind firewall




  • Netgate

    Check the firewall. etc on host 192.168.3.50.

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    I don’t think it’s your issue but why not two firewall rules to the SSH systems? Dest any seems lazy and unspecific to me there.



  • Thank you for your reply.

    As you have mentioned, having any for ssh port wasn’t the issue.  I have it at any to have ssh port open for all nodes.

    I almost pulled my hairs out!

    This is what I noticed and was the problem:

    Under Firewall/NAT  pfSense automatically generated Mapping rules. 
    All mapping rules were for internal IPs to link to default WAN.  (192.168.2.x -> WAN1 && 192.168.3.x -> WAN1)

    When I manually changed mapping for 192.168.3.x -> WAN2  it fixed it and it works now.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy