Netgate Discussion Forum

    How to connect to opt1 from wan side to access server on other network

    General pfSense Questions
    11 Posts 4 Posters 963 Views
      eliotte

      So one of our clients has a network with an IP range of 10.10.10.x/8. On that network we have our servers.
      We just put our firewall on the other modem and configured it. When we change the LAN IP to the other client IP and turn off DHCP on LAN, we can't connect to it from outside.
      So we decided to configure a LAN side and an opt1 for the client side to access our server on their network.

      Problem is: when we VPN or forward a WAN side port to the opt1 interface to access our server on their network, it doesn't work.
      We set the rules to allow all and forwarded the port, but still nothing.

      What could be the problem?
      WAN side: 192.168.1.x/24
      LAN side: 172.16.0.x/24 -> LAN side is enabled but not connected on their network
      opt1 side: 10.10.10.x/8

      We only need our firewall to access our server on their network.

      What could be the problem, or what are we doing wrong?

        KOM

        Are you trying to forward the same port that the pfSense WebGUI is listening on?

          eliotte

          No, we use another port to listen on our server. We have a port that we use for the pfSense WebGUI.

          Here are some pictures of our configuration.

          The 10.10.10.216 is our server on the client's network that we want to access.

          [Attached screenshots: Capture1.JPG, Capture2.JPG, Capture3 - Copy.JPG, Capture5.JPG, Capture6.JPG]

            johnpoz LAYER 8 Global Moderator

            Clearly you have no understanding at all of how the rules are evaluated.

            Or how basic networks even work… In what scenario would pfsense be involved with lan net to lan net traffic??

            In what scenario would your IPv6 lan address be the source of traffic hitting the lan?

            Your wan has rules to allow any any into your lan at the very top - dude!!!  Remove such rules.!!!

            In what scenario would you be natting source traffic of 172.16.0/24 to dest 172.16.0/24 to the wan address?

            Rules are evaluated as traffic enters an interface.  First rule to trigger wins, no other rules are evaluated..

            You have a complete and utter MESS there...  I would suggest you start over!!!

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              eliotte

              OK, but the problem is that from the LAN side we can't go to the opt1 side.

              That's why I posted the screenshot, to see if one of the rules is wrong.

              This is the first time we have to configure such a thing. Normally our firewall does everything when we install it. But because the client already has a firewall and doesn't want our firewall to connect to their network and mess up their configuration. But the problem is, the moment we put the IP from our client on the LAN side and disable DHCP, we cannot connect to our firewall anymore. That's why we use the opt1 interface.

                johnpoz LAYER 8 Global Moderator

                Doing what? To opt1 you only have TCP allowed.. So you would not be able to ping, etc.

                And you have your outbound NATs all F'd up!!!  And you're natting to opt1..

                Start OVER!!!  Don't just start clicking shit…

                Your default rule on lan is any any... So if you create an opt interface you would be able to get to it.  Nothing to do on opt1 rules to let lan talk to it.

                Create any any rule on opt1 and now you will be able to talk lan to opt and opt to lan... Then ask what you would like to do and be happy to walk you through it.

                And you're also shoving stuff out a VPN it looks like vs policy routing it out, with rules to allow access to your opt before you shove everything out your VPN via default route, etc.  Why do you have a rule to PIA in your outbound NAT - but looks only partial.. Dude Start OVER!!!

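The evaluation model described in the two replies above (rules checked on the interface where traffic enters, first match wins), as an added example that is not part of any poster's message or of pfSense itself. The rule sets are constructed from the addresses in the thread and do not reproduce the poster's actual configuration; `Rule`, `evaluate` and `shadowed` are hypothetical names.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "pass" or "block"
    proto: str    # "tcp", "icmp", ... or "any"
    src: str      # source CIDR
    dst: str      # destination CIDR

ANY = "0.0.0.0/0"

# Constructed rule sets: one ordered list per interface.
RULES = {
    "wan":  [Rule("pass", "any", ANY, "172.16.0.0/24"),    # "any any into lan" at the top
             Rule("block", "tcp", ANY, "172.16.0.0/24")],  # can never trigger
    "lan":  [Rule("pass", "any", "172.16.0.0/24", ANY)],   # default LAN any-any rule
    "opt1": [Rule("pass", "tcp", "10.0.0.0/8", ANY)],      # TCP only, so no ping
}

def matches(rule, proto, src, dst):
    return (rule.proto in ("any", proto)
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst))

def evaluate(ingress_if, proto, src, dst):
    """Verdict for a NEW connection, checked only on the interface it enters.
    Replies to an allowed connection ride its state and are not re-evaluated."""
    for i, rule in enumerate(RULES.get(ingress_if, [])):
        if matches(rule, proto, src, dst):
            return rule.action, i          # first match wins, evaluation stops
    return "block", None                   # nothing matched: default deny

def shadowed(ingress_if):
    """Indexes of rules fully covered by an earlier rule on the same interface."""
    rules, out = RULES[ingress_if], []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto in ("any", later.proto)
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                out.append(j)
                break
    return out
```

A LAN host reaching 10.10.10.216 is decided by the LAN rules alone; the opt1 rules only matter for connections that start on the opt1 side.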

                  Grimson Banned

                  @eliotte:

                  but because the client already has a firewall and doesn't want our firewall to connect to their network and mess up their configuration.

                  Wise move from that client.

                    eliotte

                    Thanks for the information. I will start from the beginning and let you know how it goes.

                      eliotte

                      So I did everything again.

                      I can ping the opt1 interface from the LAN side with the pfSense, but from the pfSense I can't ping the server from the opt1 interface.

                      opt1 interface IP: 10.10.10.249
                      server IP: 10.10.10.216

                      What am I doing wrong? It's the first time I have to do such a setup, that's why.

                        johnpoz LAYER 8 Global Moderator

                        Well, is that server running a firewall? A Windows machine, for example, will not answer ping from other than its local network.  Is that box using the opt1 IP as its gateway? If not, then how would the answer get back?

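The return-path question raised in the reply above, worked through as an added example that is not part of any poster's message. It goes slightly beyond the post by also modelling a static route on the server; the client firewall address `10.10.10.1` and the three server routing tables are assumptions, and `next_hop` and `reply_returns_via_pfsense` are hypothetical names.

```python
from ipaddress import ip_address, ip_network

PFSENSE_OPT1 = "10.10.10.249"   # opt1 interface IP from the thread
SERVER_NET = "10.0.0.0/8"       # the 10.10.10.x/8 network from the thread
CLIENT_FW = "10.10.10.1"        # assumed address of the client's own firewall

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.
    A gateway of None means the destination is on-link (reached via ARP)."""
    hits = [(ip_network(n), gw) for n, gw in routes
            if ip_address(dst) in ip_network(n)]
    if not hits:
        return "unreachable"
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return "on-link" if gw is None else gw

def reply_returns_via_pfsense(routes, source):
    """Does the server's reply to `source` go back to, or through, pfSense opt1?"""
    hop = next_hop(routes, source)
    return hop == PFSENSE_OPT1 or (hop == "on-link" and source == PFSENSE_OPT1)

# Constructed routing tables for the server at 10.10.10.216.
GW_IS_CLIENT_FW = [(SERVER_NET, None), ("0.0.0.0/0", CLIENT_FW)]
GW_IS_PFSENSE = [(SERVER_NET, None), ("0.0.0.0/0", PFSENSE_OPT1)]
STATIC_ROUTE = GW_IS_CLIENT_FW + [("172.16.0.0/24", PFSENSE_OPT1)]
```

A ping sourced from 10.10.10.249 is answered on-link whatever the gateway is, which leaves the server's own host firewall as the thing to check. With the /8 mask, every 10.x.x.x source also counts as on-link for the server, so a reply to such a source is never handed to any gateway.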

                          eliotte

                          So we got everything working fine. When we use vpn we can connect to our server on opt1 and everything.

                          But now we want to get external access to our server using the opt1 interface.

                          But when we forward the port it doesn't work.

                          We want to forward a port to our server that is on the opt1 interface.

                          Example: external IP:port x -> to our server that is connected to the opt1 interface
