Acces computer from Internet that are behind two pfSenses
Hello. For a client I am trying to access port 80 on a computer behind two pfSenses. The challenge is that the pfSenses are connected via OpenVPN.
Please view the attached diagram.
We can from the computer 192.168.125.10 access port 80 on the 192.168.127.3 (it is a NAT + rule on pfSense B that opens for port 80 to 192.168.127.3).
I have made a NAT + rule on Firewall A that allows access from WAN to 192.168.127.3, but it is not working.
What am I doing wrong?
Best regards Andreas
Without knowing exactly how you have the NAT set up, the A pfsense will NAT to the (going to get this wrong as I don't see the diagram anymore) 10.0.8.1 IP as the client goes to the web server. Meaning, the rule is not to allow that internet client(it's internet IP) access but to allow the 10.0.8.1 IP access over port 80.
This is under the assumption that OpenVPN has routing information for the 192.168.125.x, and that network exists in both pfsenses as a routable network. Internet clients will be nat'd to the IP of the interface you specify, in this case, the openVPN IP of 10.0.8.1.
Again, going on conjecture and assumption of how the rules may be set up.