How to route rfc1918 private ip on WAN net to IP on LAN net



  • Hi everyone! Been working on this for hours with no success. Hoping someone here might provide some direction. Basically I have a bridged cable modem - router with public ip - pfsense wan net on rfc1918 - lan1.... wan ip network is rfc1918 and gets static address to router lan. I have a kvm machine on wan net which also has static ip to router lan. I need to make KVM on WAN net communicate with pc on LAN1 behind pfsense...

    Figure it is NAT related, tried multiple things from creating VIPs, using 1to1 NAT, multiple firewall rules, etc., and just can't get this to work. It's really driving me crazy. It seems the solution is to make a VIP Alias and use NAT to translate to LAN, but it doesn't seem to work. I didn't restart the firewall, so maybe that's all I need to do, but figured I would ask here before causing any problems with the network.

    Thank you!

    Modem bridged to router wan
    |
    Static Ip's on Router LAN
    |
    KVM & PFSENSE get ip from Router
    |
    WAN - LAN1 - LAN2 - VPN STUFF on PFSENSE



  • I guess you're missing the route to the network behind pfSense. If your WAN devices don't have a static route, they send packets to the default gateway, which is obviously your router.

    VIPs on WAN interface for each LAN1 device and natting the traffic may also be a way to go, but a stony one.

    Also ensure that you have removed the check from "Block private networks" in WAN interface settings.

    If you also want to have access to WAN device from VPN clients connected to pfSense it gets more complicated. You will need additional routes for this.

    Maybe it's an option for you to let pfSense do the whole upstream routing and put the KVM machine also behind it. So you won't have to worry about routes.
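
    The missing-route behaviour described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match model of the WAN host's routing table, plus a check for networks behind pfSense that the host would still send to the router. All addresses and function names are constructed assumptions; the thread gives none.

```python
import ipaddress

# Constructed addressing (assumption, not taken from the thread).
ROUTER = "192.168.1.1"        # upstream router: default gateway on the WAN net
PFSENSE_WAN = "192.168.1.2"   # pfSense WAN address on the same RFC 1918 net
LAN1 = "192.168.10.0/24"      # network behind pfSense
LAN1_PC = "192.168.10.50"     # the PC the KVM host needs to reach

# Routing table of the KVM host as it comes up from the router's settings.
KVM_ROUTES = [
    ("192.168.1.0/24", "on-link"),   # directly connected WAN net
    ("0.0.0.0/0", ROUTER),           # everything else goes to the router
]

def next_hop(routes, dst):
    """Return the gateway chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw

def with_static_route(routes, network, gateway):
    """Copy of the table with one static route added."""
    return routes + [(network, gateway)]

def missing_routes(routes, gateway, networks):
    """Networks behind `gateway` that this host would not send to it."""
    missing = []
    for n in networks:
        net = ipaddress.ip_network(n)
        # Probe the first and last host address of each network.
        probes = (net.network_address + 1, net.broadcast_address - 1)
        if any(next_hop(routes, str(p)) != gateway for p in probes):
            missing.append(n)
    return missing

if __name__ == "__main__":
    print("before:", next_hop(KVM_ROUTES, LAN1_PC))   # router, wrong device
    fixed = with_static_route(KVM_ROUTES, LAN1, PFSENSE_WAN)
    print("after: ", next_hop(fixed, LAN1_PC))        # pfSense WAN address
    print("still missing:", missing_routes(fixed, PFSENSE_WAN, [LAN1]))
```

    On a Linux KVM host the corresponding change is a static route of the form `ip route add <LAN1 network> via <pfSense WAN address>`; a WAN firewall rule on pfSense still has to allow the traffic.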



  • @viragomann said in How to route rfc1918 private ip on WAN net to IP on LAN net:

    I guess you're missing the route to the network behind pfSense. If your WAN devices don't have a static route, they send packets to the default gateway, which is obviously your router.

    Oh man, I feel like such an idiot!! Of course the kvm is going to the router!!! Man, thank you so much. Sometimes things get so complicated that I forget about the basics. I really appreciate it, this was driving me insane!

    @viragomann said in How to route rfc1918 private ip on WAN net to IP on LAN net:

    Maybe it's an option for you to let pfSense do the whole upstream routing and put the KVM machine also behind it. So you won't have to worry about routes.

    pfsense is actually a virtual machine on the kvm. Got it set this way so I still have internet to kvm and can reboot remotely the pfsense if something goes wrong.



  • @SimpleTechGuy said in How to route rfc1918 private ip on WAN net to IP on LAN net:

    pfsense is actually a virtual machine on the kvm. Got it set this way so I still have internet to kvm and can reboot remotely the pfsense if something goes wrong.

    Mine runs on KVM as well. It gets the public IP via PPPoE and does the whole routing stuff here. It has been doing its job for almost three years now this way without any trouble. ☺

