Access Internal Webserver Across Subnets



  • I have a similar project to this one:
    https://forum.netgate.com/topic/138587/access-internal-webserver-multiple-subnet

    I am using an SG-8860 1U box, 3 of the 6 network ports are being used - WAN, LAN, and OPT1. WAN is a static IP from AT&T fiber, LAN is set up and working fine, OPT1 is for my VOIP phones. I have a VLAN subnet called GUEST, running on my physical LAN port. LAN is assigned 10.0.1.1/24, GUEST is assigned 172.16.0.1/24. Both have DHCP servers set up and running just fine for both networks.

    I would like to give 1 guest computer with a static IP address access across the GUEST subnet, into the LAN subnet, to talk to a webserver on the LAN network. The webserver works just fine outside the company, over the WAN, with both a NAT rule and a matching firewall rule. The webserver is running with port 8091 open on the firewall.

    My GUEST network has lots of rules already in place, to keep the wireless guests out of the other networks and other firewall services. Those all work just fine. There is no gateway defined for the GUEST network, it uses the default, I'm assuming.

    So, I have NO rules set up to allow this traffic, and I was reading the post linked to above. It seems that there was NOT a clear solution in that post, so I figured I'd ask here how to do this. Can anybody help me with some rule(s), and where it/they get placed in the rules list?

    Here's a screenshot of my GUEST firewall rules as of right now.


    Thanks for your help!

    Jeff



  • Rules are evaluated top-down, first match wins. Add your rule to the 'allow these first' section. Source is your GUEST client IP address, destination is the LAN IP address of your server. That should be all you need.

    https://doc.pfsense.org/index.php/Firewall_Rule_Basics

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
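
The top-down, first-match behaviour described in the reply above, as an added example (not part of the original posts and not pfSense code): a small evaluator showing why the allow rule has to sit above the rule that keeps guests out of LAN. The client and server addresses, the rule labels and the two existing GUEST rules are constructed, since the thread's screenshot is not available; limiting the allow rule to port 8091 is an assumption taken from the question.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    port: Optional[int] = None   # None matches any destination port
    label: str = ""

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.port in (None, port))


def evaluate(rules, src, dst, port):
    """Walk the list top-down; the first matching rule decides."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.label
    return "block", "default deny"   # nothing matched


# Constructed addresses inside the subnets named in the thread.
GUEST_PC = "172.16.0.50"   # the one guest machine with a static IP
WEB = "10.0.1.20"          # webserver on LAN

ALLOW = Rule("pass", GUEST_PC + "/32", WEB + "/32", 8091, "guest PC to webserver")

# Constructed stand-ins for the existing GUEST isolation rules.
GUEST_RULES = [
    Rule("block", "172.16.0.0/24", "10.0.1.0/24", None, "keep guests out of LAN"),
    Rule("pass", "172.16.0.0/24", "0.0.0.0/0", None, "guests to internet"),
]

allow_first = [ALLOW] + GUEST_RULES   # placement the reply recommends
allow_last = GUEST_RULES + [ALLOW]    # allow rule is shadowed by the block

if __name__ == "__main__":
    for name, rules in (("allow_first", allow_first), ("allow_last", allow_last)):
        print(name, evaluate(rules, GUEST_PC, WEB, 8091))
    print("other guest", evaluate(allow_first, "172.16.0.77", WEB, 8091))
    print("other port", evaluate(allow_first, GUEST_PC, WEB, 22))
```

With the allow rule first, only the one guest address reaches the server on 8091; every other guest, and every other port on the server, still hits the isolation rule.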



  • @KOM Ok, thanks. Let me give that a try.

    Jeff

