Forward web traffic to another machine on same LAN
I have two server instances on vultr. One has pfSense installed, the other has default nginx. Both have private networking enabled. The private networking interface on the pfSense server is vtnet1 (LAN) and the webserver is ens7.
- pfSense - 10.99.0.14
- webserver - 10.99.0.15
I want traffic to the WAN port on the pfSense machine to be forwarded to the webserver. I have the following NAT setup.
Interface - WAN
Protocol - TCP
Source Address - *
Source Ports - *
Dest. Address - WAN address
Dest. Ports - 80 (HTTP)
NAT IP - 10.99.0.15
NAT Ports - 80 (HTTP)
Reflection - NAT + proxy
From the shell on the pfSense server, I can ping the webserver:
ping 10.99.0.15
64 bytes from 10.99.0.15: icmp_seq=0 ttl=64 time=0.835 ms
Also from the shell, I can retrieve the default nginx page from the webserver:
curl 10.99.0.15
<title>Welcome to nginx!</title> ...
tcpdump on the webserver shows TCP SYN packets coming through when I try to access the WAN interface in the browser, but that's it. The nginx access log shows nothing.
So I suspected that as both machines are obtaining their IP addresses from a different router, the webserver may not know how to route the packets back to the pfSense server.
I changed the default gateway on the webserver to that of the pfSense server:
sudo ip route change default via 10.99.0.14 dev ens7
And that worked. But I can no longer ssh into the webserver.
What should I be doing to make this work properly?
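The symptom described above (SYNs arrive, replies leave via the other router, and moving the default route breaks SSH) is asymmetric routing. One way to keep the existing default gateway for SSH while sending replies to pfSense-forwarded connections back through pfSense is connection-mark policy routing on the webserver. This is an added example, not part of the original question or answer; it assumes iptables (not nftables) on the webserver, and that routing table 100 and fwmark 0x1 are otherwise unused.

```shell
#!/bin/sh
# Constructed example: reply through pfSense only for connections that
# entered on the private LAN interface; everything else keeps the default
# gateway, so SSH via the webserver's own public address still works.
LAN_IF="${LAN_IF:-ens7}"          # webserver private interface (from the question)
PFSENSE="${PFSENSE:-10.99.0.14}"  # pfSense LAN address (from the question)
TABLE="${TABLE:-100}"             # assumption: unused routing table id
MARK="${MARK:-0x1}"               # assumption: unused fwmark value

# Print each command instead of running it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

policy_route_via_pfsense() {
    # Mark new connections that arrive on the LAN interface (i.e. via pfSense)...
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # ...and copy that connection mark onto every reply packet this host sends.
    run iptables -t mangle -A OUTPUT \
        -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # Marked packets consult a table whose only default route is pfSense.
    run ip route replace default via "$PFSENSE" dev "$LAN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE"
    # Strict reverse-path filtering would drop Internet-sourced packets
    # arriving on the LAN interface; loose mode only requires a route back.
    run sysctl -w "net.ipv4.conf.${LAN_IF}.rp_filter=2"
}

# Returns 0 when the fwmark rule is already installed (check before re-running).
policy_route_active() {
    ip rule show | grep -q "fwmark $MARK lookup $TABLE"
}
```

Run `policy_route_via_pfsense` once as root (or with `DRY_RUN=1` first to review the commands); `ip rule add` is not idempotent, so test with `policy_route_active` before applying again. The iptables rules and the `ip rule` do not survive a reboot unless persisted with the distribution's usual mechanism.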
Use WAN port on pfSense for SSH and forward it to the webserver.