LAN to WAN Internet Traffic Setup
I am attempting to set up a PFSense Firewall to sit between my private network and the world in AWS and act as a firewall/forward proxy. I set the box up with 2 interfaces, WAN (on 10.8.162.6 with a gateway of 10.8.160.1 on a /20 network) and LAN (on 10.8.96.6 on a /20 network, set none on the upstream gateway). Initially, I set up the box without the squid proxy just to make sure I had connectivity between the LAN and WAN. I forwarded the traffic to the LAN but it would not talk to the WAN interface.
The next stuff I did made the traffic able to talk to the internet and go back to the box, but I know it is not the correct way to do it.
- Created the WAN gateway 10.8.160.1
- Created the LAN gateway 10.8.96.1
- Created firewall rules to allow any traffic to the LAN interface.
- Created firewall rule to allow traffic from LAN to WAN
- Created NAT to nat traffic coming from 10.0.0.0/8 to the WAN interface.
- Set the Pure NAT option in the advanced settings.
- Set the reflection option in the NAT settings (this is eventually what made the traffic flow, but is wrong).
- Set route for 0.0.0.0/1 to the WAN interface
- Set route for 128.0.0.0/1 to the WAN interface
- Set route for 10.8.96.0/20 to the LAN interface
- Set route for 10.8.128.0/20 to the LAN interface (IP address space of the computer I'm testing with)

The AWS space has a CIDR of 10.8.0.0/16 so all but the DMZ subnet (10.160.0.0/20) will point to PFSense for connectivity to the Outside.
My question: What is the correct way to set my box up for what I am trying to accomplish? The default setup is not working for me and I don't know what it is I need to add. I'm also wondering why the stuff coming into the LAN interface isn't picking up on the default route in PFSense. The biggest thing I have a problem with is that pseudo default route I put in.
Any help is appreciated
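To see why the two /1 routes behave as a default route, here is an added example (not from the post, and not pfSense's own code) that models the routing table described above with longest-prefix matching. It assumes the two directly connected interface networks that pfSense installs on its own, and assumes the 10.8.128.0/20 route was given the poster's LAN gateway 10.8.96.1 as next hop; the sample destinations are constructed.

```python
from ipaddress import collapse_addresses, ip_address, ip_network

# Constructed routing table: (prefix, interface, next hop).
# The first two entries are the connected networks pfSense adds for its
# interfaces (assumption); the rest are the routes listed in the post.
# The two /1 entries are the "pseudo default route" the poster is worried about.
POSTED_ROUTES = [
    ("10.8.160.0/20", "WAN", "connected"),
    ("10.8.96.0/20", "LAN", "connected"),
    ("0.0.0.0/0", "WAN", "10.8.160.1"),     # real default via the WAN gateway
    ("0.0.0.0/1", "WAN", "10.8.160.1"),     # pseudo default, lower half
    ("128.0.0.0/1", "WAN", "10.8.160.1"),   # pseudo default, upper half
    ("10.8.128.0/20", "LAN", "10.8.96.1"),  # test client subnet (next hop assumed)
]

def lookup(routes, dst):
    """Longest-prefix match: the most specific prefix containing dst wins.
    Returns (prefix, interface, next hop) or None when nothing matches."""
    dst = ip_address(dst)
    best = None
    for prefix, iface, via in routes:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, via)
    return None if best is None else (str(best[0]), best[1], best[2])

def default_is_shadowed(routes):
    """True when the non-default routes, merged, cover all of IPv4, so the
    0.0.0.0/0 entry can never be selected by longest-prefix matching."""
    specifics = [ip_network(p) for p, _, _ in routes if ip_network(p).prefixlen > 0]
    return list(collapse_addresses(specifics)) == [ip_network("0.0.0.0/0")]

def without_pseudo_default(routes):
    """The same table with the two /1 entries removed."""
    return [r for r in routes if ip_network(r[0]).prefixlen != 1]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "200.1.2.3", "10.8.130.7", "10.8.162.6"):
        print(dst, "->", lookup(POSTED_ROUTES, dst))
    print("default shadowed:", default_is_shadowed(POSTED_ROUTES))
    print("after removing /1 routes:", lookup(without_pseudo_default(POSTED_ROUTES), "8.8.8.8"))
```

With the /1 routes present every Internet destination matches one of them instead of 0.0.0.0/0, so the table behaves exactly like a default route to the WAN gateway; removing them leaves the real default doing the same job.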