Forward web traffic to another machine on same LAN



  • I have two server instances on vultr. One has pfSense installed, the other has default nginx. Both have private networking enabled. The private networking interface on the pfSense server is vtnet1 (LAN) and the webserver is ens7.

    • pfSense - 10.99.0.14

    • webserver - 10.99.0.15

    I want traffic to the WAN port on the pfSense machine to be forwarded to the webserver. I have the following NAT setup.

    Interface - WAN
    Protocol - TCP
    Source Address - *
    Source Ports - *
    Dest. Address - WAN address
    Dest. Ports - 80 (HTTP)
    NAT IP - 10.99.0.15
    NAT Ports - 80 (HTTP)
    Reflection - NAT + proxy

    From the shell on the pfSense server, I can ping the webserver;

    ping 10.99.0.15
    
    64 bytes from 10.99.0.15: icmp_seq=0 ttl=64 time=0.835 ms
    

    Also from the shell, I can retrieve the default nginx page from the webserver;

    curl 10.99.0.15
    
    
    <title>Welcome to nginx!</title>
    ...
    
    

    TCPDUMP on the webserver show TCP SYN packets coming through when I try to access the WAN interface in the browser, but that's it. The nginx access log shows nothing.

    So I suspected that as both machines are obtaining their IP addresses from a different router, the webserver may not know how to route the packets back to the pfSense server.

    I changed the default gateway on the webserver to that of the pfSense server

    sudo ip route change default via 10.99.0.14 dev ens7
    

    And that worked. But I can no longer ssh into the webserver.

    What should I be doing to make this work properly?



  • Use WAN port on pfSense for SSH and forward it to the webserver.