Netgate Discussion Forum
    Forward web traffic to another machine on same LAN

      anastymous

      I have two server instances on Vultr. One has pfSense installed, the other has default nginx. Both have private networking enabled. The private networking interface on the pfSense server is vtnet1 (LAN) and on the webserver it is ens7.

      • pfSense - 10.99.0.14

      • webserver - 10.99.0.15

      I want traffic to the WAN port on the pfSense machine to be forwarded to the webserver. I have the following NAT setup.

      Interface - WAN
      Protocol - TCP
      Source Address - *
      Source Ports - *
      Dest. Address - WAN address
      Dest. Ports - 80 (HTTP)
      NAT IP - 10.99.0.15
      NAT Ports - 80 (HTTP)
      Reflection - NAT + proxy

      From the shell on the pfSense server, I can ping the webserver:

      ping 10.99.0.15
      64 bytes from 10.99.0.15: icmp_seq=0 ttl=64 time=0.835 ms

      Also from the shell, I can retrieve the default nginx page from the webserver:

      curl 10.99.0.15
      <title>Welcome to nginx!</title>
      ...

      tcpdump on the webserver shows TCP SYN packets coming through when I try to access the WAN interface in the browser, but that's it. The nginx access log shows nothing.

      So I suspected that as both machines are obtaining their IP addresses from a different router, the webserver may not know how to route the packets back to the pfSense server.

      I changed the default gateway on the webserver to that of the pfSense server:

      sudo ip route change default via 10.99.0.14 dev ens7

      And that worked. But I can no longer ssh into the webserver.

      What should I be doing to make this work properly?

        viragomann

        Use the WAN port on pfSense for SSH and forward it to the webserver.

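An added example, not part of either post: a small model of the webserver's route lookup that reproduces both symptoms in the thread (forwarded HTTP stalling at SYN with the original default route, SSH breaking after the `ip route change`). It assumes the port forward leaves the client's source address unchanged and that the webserver also has a public interface; the name `ens3`, the addresses in 203.0.113.0/24 and 198.51.100.0/24, and the /16 private prefix are constructed placeholders, while `ens7` and 10.99.0.14 come from the post.

```python
import ipaddress

def egress(routes, dst):
    """Longest-prefix match: return (interface, gateway) a packet to dst leaves by."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    _net, dev, gw = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return dev, gw

def check_flow(routes, name, client, ingress_dev):
    """Compare the interface a connection arrived on with the one its reply uses."""
    dev, gw = egress(routes, client)
    verdict = "symmetric" if dev == ingress_dev else "ASYMMETRIC"
    return {"flow": name, "in": ingress_dev, "out": dev, "via": gw, "verdict": verdict}

# Constructed sample data (assumptions, see lead-in): public NIC ens3,
# provider gateway 203.0.113.1, internet client 198.51.100.7.
CLIENT = "198.51.100.7"
ORIGINAL = [
    ("0.0.0.0/0", "ens3", "203.0.113.1"),   # default route via provider router
    ("203.0.113.0/24", "ens3", None),       # public subnet, directly connected
    ("10.99.0.0/16", "ens7", None),         # private network, directly connected
]
# State after: ip route change default via 10.99.0.14 dev ens7
CHANGED = [("0.0.0.0/0", "ens7", "10.99.0.14")] + ORIGINAL[1:]

# Each flow: (description, source address seen by the webserver, arrival interface).
# The forwarded HTTP request still carries the client's address as its source.
FLOWS = [
    ("HTTP forwarded by pfSense", CLIENT, "ens7"),
    ("SSH direct to public address", CLIENT, "ens3"),
]

def report(routes):
    """Evaluate every sample flow against one routing table."""
    return [check_flow(routes, name, src, dev) for name, src, dev in FLOWS]

if __name__ == "__main__":
    for label, table in (("original routes", ORIGINAL),
                         ("after ip route change", CHANGED)):
        print(label)
        for r in report(table):
            print(f"  {r['flow']}: in {r['in']}, reply out {r['out']} "
                  f"via {r['via']} -> {r['verdict']}")
```

An ASYMMETRIC verdict means the reply bypasses the firewall that holds the connection state (or arrives at one that never saw the SYN), so the handshake cannot complete. On a live host, `ip route get <client address>` shows the same egress decision.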