2WAN-2LAN All Wans Have Identical Setup, Lans Identical Setup, ONLY 1 LAN WORKS
-
Hi.
SETUP:
I have pfSense box set up with 2 WAN and 2 LAN interfaces.One node has 2 LAN connection each coming from different LAN interface:
Lan1 is setup with 192.168.2.xx internal IPs
Lan2 is setup with 192.168.3.xxx internal IPsNAT 1:1 binds public IP xx.xx.xx.165 to 192.168.2.50
NAT 1:1 binds public IP xx.xx.xx.197 to 192.168.3.50Firewall rule allows ssh,http to both 192.168.2.50 and 192.168.3.50
What works:
Almost everything: WAN1, WAN2 have connections ping and can access.Issue:
I can ssh from psSense box to both 192.168.2.50 and 192.168.3.50 (confirms recipient box is up on both lans).
but I can only ssh to 192.168.2.50 from outside word and CANNOT CONNECT TO second connection 192.168.3.50Attached are the NAT set up and Firewall Rules I have set.
EVEYTHING is good on LAN 1, but when LAN1 is disabled (or without disabling) I cannot access node connected to LAN2 (it's the same node as LAN1 is connecting without issue)I confirmed I can connect to the node from LAN1 and LAN2 from pfSense box itself, but not from behind firewall
-
Check the firewall. etc on host 192.168.3.50.
https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
I don't think it's your issue but why not two firewall rules to the SSH systems? Dest any seems lazy and unspecific to me there.
-
Thank you for your reply.
As you have mentioned, having any for ssh port wasn't the issue. I have it at any to have ssh port open for all nodes.
I almost pulled my hairs out!
This is what I noticed and was the problem:
Under Firewall/NAT pfSense automatically generated Mapping rules.
All mapping rules were for internal IPs to link to default WAN. (192.168.2.x -> WAN1 && 192.168.3.x -> WAN1)When I manually changed mapping for 192.168.3.x -> WAN2 it fixed it and it works now.