Home Lab - No WAN Pass-thru
-
I am having an issue trying to set up a home test lab. That is the reason why pfSense is not right after the router.
What I want to do is access from computer a (192.168.1.2) to computer b (192.168.2.2). Computer a and computer b are on different subnets.
Modem - 192.168.1.1
WAN - 192.168.1.100 | "Block RFC1918" and "Block bogon" unchecked
LAN - 192.168.2.1 | "Block RFC1918" and "Block bogon" unchecked
Firewall Rules:
192.168.1.2 * 192.168.1.100 * * none - WAN computer a to pfSense web
works
192.168.1.2 * 192.168.2.2 * * none - WAN computer a to computer b
not working
What I don't understand is I have modeled these rules off of my other pfSense installation (router to pfSense) that do work.
Thanks
-
Nobody is able to help?
-
I found the answer to my own question.
In case anybody finds this via Google, here is my current setup:
Internet - router (192.168.1.1) - switch - {pfsense 192.168.1.100} - {computer a (192.168.1.2)} - {computer b (192.168.2.2)}
{connected to switch}
computer a tracert computer b
1 2m 2m 1 ma router
request timed out (30x)
In other words, the router is looking for the IP address 192.168.2.2 outside of the network and not inside.
-
So you have computer on pfsense wan, and you want to get to stuff behind pfsense NAT to lan.. Then you would have to port forward.. If you do not want to port forward, and use pfsense as a downstream router/firewall without nat.. Then unless you do host routing on devices on what becomes a transit network you're going to have a bad time with asymmetrical routing.
To use pfsense as a downstream firewall/router or just router and not nat then pfsense needs to be connected to the upstream router via a transit network that no hosts are on so that you remove asymmetrical routing..
If you want to do what you're doing with pfsense NATing between wan and its lan which is what it does out of the box.. Then you would setup port forward for what ports you want to hit on 192.168.2.2, and have your 192.168.1.2 computer hit pfsense wan IP at 192.168.1.100:port to get forwarded to 192.168.2.2
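
The routing behaviour discussed in this thread, as an added example that is not part of any post: a small longest-prefix-match model of the lab that follows each node's routing table hop by hop and compares the forward and return paths. It assumes pfSense is routing without NAT and ignores firewall rules; the node names, the `UPSTREAM` address and the static-route placements are constructed for illustration.

```python
import ipaddress

UPSTREAM = "203.0.113.1"  # constructed ISP next hop, outside the lab

def next_hop(routes, dst):
    """Longest-prefix match; None means dst is on a directly connected subnet."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if ip in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def build(router_route=False, host_route=False):
    """The thread's lab; pfSense routes WAN<->LAN without NAT (assumption)."""
    lab = {
        "a": (["192.168.1.2"], [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]),
        "router": (["192.168.1.1"], [("192.168.1.0/24", None), ("0.0.0.0/0", UPSTREAM)]),
        "pfsense": (["192.168.1.100", "192.168.2.1"],
                    [("192.168.1.0/24", None), ("192.168.2.0/24", None),
                     ("0.0.0.0/0", "192.168.1.1")]),
        "b": (["192.168.2.2"], [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]),
    }
    static = ("192.168.2.0/24", "192.168.1.100")  # LAN subnet via pfSense WAN
    if router_route:
        lab["router"][1].append(static)
    if host_route:
        lab["a"][1].append(static)
    return lab

def path(lab, src, dst_ip, max_hops=8):
    """Follow each node's routing table from src until dst_ip is reached."""
    hops, node = [src], src
    for _ in range(max_hops):
        addrs, routes = lab[node]
        if dst_ip in addrs:
            return hops
        target = next_hop(routes, dst_ip) or dst_ip
        node = next((n for n, (a, _) in lab.items() if target in a), None)
        if node is None:
            return hops + ["internet"]  # handed to the ISP, never reaches the lab
        hops.append(node)
    return hops

def symmetric(lab):
    """True when the return path is the forward path reversed."""
    return path(lab, "a", "192.168.2.2") == path(lab, "b", "192.168.1.2")[::-1]

if __name__ == "__main__":
    for kw in ({}, {"router_route": True}, {"host_route": True}):
        print(kw, path(build(**kw), "a", "192.168.2.2"), symmetric(build(**kw)))
```

With no extra routes the forward path ends at the router's default route, which matches the tracert above; a static route on the router alone delivers the packet but the reply returns directly from pfSense, so the two directions differ.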