Forwarding traffic from a LAN IP to another LAN IP
-
I have added a second NIC, assigned it as OPT1, assigned a new subnet for it (192.168.0.1/24), Configured DHCP ipv4 for it (192.168.0.100 to 192.168.1.199) and it doesn't seem to work (any device that I connect to the new OPT1 interface doesn't have an IP assigned nor does it connect to 192.168.0.1 (pfsense webGUI for that subnet)).
I have NAT/Outbound set to Hybrid (the new subnet is already set in Automatic rules).
Config for OPT1:
IPv4: Static IPv4
IPv6: None (I set it to none because I can't use Track interface as I do in LAN, as it is already assigned to WAN prefix).
IPv4 Address: 192.168.0.1/24
DHCP OPT1 config:
Enable: tick
Range: 192.168.0.100-192.168.0.199
Gateway: 192.168.0.1
I hope this is not too offtopic.
Edit: Yes, it is an ESP8266 module, but I went too far at this point to get back to the binary/hexedit patch method.
-
1: You don't have your IOT devices static mapped in the "old" dhcp do you ?
2: Solve the DHCP issue , maybe use a PC on the OPT1 to debug , and see if you get dhcp at all.
3: When DHCP is solved and your devices gets ip's , do some checks from the pc to the IOT server , so ensure the nat works.
4: restart your IOT devices to get a new address.
I do hope the ESP's are using DHCP and not static ip's , else you're FSCK'ed.
-
@draand28 said in Forwarding traffic from a LAN IP to another LAN IP:
I have added a second NIC, assigned it as OPT1, assigned a new subnet for it (192.168.0.1/24), Configured DHCP ipv4 for it (192.168.0.100 to 192.168.1.199) and it doesn't seem to work
Did you split your LAN subnet or simply add another DHCP range to it?
-
@bingo600 1. No, they are not static mapped for sure (they are just connecting to the said SSID + pass and request an IP from the DHCP server)
2. DHCP now works on OPT1 (second subnet) after disabling IPv6 on OPT1, but it has no internet connection.
Also, 192.168.0.1 (IP address for pfsense webgui for this subnet, the gateway) isn't accessible. - connection timeout.
For some reason when I connect my windows laptop to LAN (via a switch) DHCP doesn't work, I always get the following address: 169.254.225.232 (but my ubuntu servers connected on the same subnet work fine). I tried enable/disable NIC for the windows laptop and a restart but it didn't help.
Edit: After a restart of pfsense, I am now able to connect with my windows laptop to the original subnet 192.168.1.1 (LAN, not OPT1).
@viragomann I added another DHCP range to it (with a new subnet, 192.168.0.1, the old LAN subnet being 192.168.1.1)
Edit 2: After the reboot something weird happens, all devices from the OPT1 interface now have DHCP leases, I can see them in the firewall log requesting different connections, but still no Internet access.
-
@draand28 said in Forwarding traffic from a LAN IP to another LAN IP:
- DHCP now works on OPT1 (second subnet) after disabling IPv6 on OPT1, but it has no internet connection.
Outbound NAT should have been added automatically if you have "Hybrid"
Have you allowed internet access via a firewall rule on OPT1 (new interface)?
Also, 192.168.0.1 (IP address for pfsense webgui for this subnet, the gateway) isn't accessible. - connection timeout.
Only LAN has an automatic rule to allow WebGui access (80/443/22)
You have to add that rule manually to other interfaces
-
@bingo600
Ok, I have added internet access and pfsense access for the 2nd subnet, everything works fine. ESP boards are now requesting to connect to 192.168.1.228 (the blynk server).
What are the exact settings that I need for the NAT rule to forward all traffic from 192.168.0.1XX:8080 to 192.168.1.240:8080?
So far I tried (but it didn't work):
Interface: OPT1
Protocol: TCP/UDP
Source: any, port 8080
Destination: any
Destination port range: 8080
Redirect target ip: 192.168.1.240
Redirect target port: 8080
NAT reflection: Enable (Pure NAT)
Filter rule: Rule NAT
-
@draand28 said in Forwarding traffic from a LAN IP to another LAN IP:
@bingo600
Ok, I have added internet access and pfsense access for the 2nd subnet, everything works fine. ESP boards are now requesting to connect to 192.168.1.228 (the blynk server).
What are the exact settings that I need for the NAT rule to forward all traffic from 192.168.0.1XX:8080 to 192.168.1.240:8080?
So far I tried (but it didn't work):
Interface: OPT1
Protocol: TCP/UDP
Source: any, port 8080
Destination: any
Destination port range: 8080
Redirect target ip: 192.168.1.240
Redirect target port: 8080
NAT reflection: Enable (Pure NAT)
Filter rule: Rule NAT
Are you using portforward or outbound nat or ?
I'm not a pfSense NAT guru , only using portforward at home
But i'd change destination from any to 192.168.1.228
And drop reflection
-
You might be able to do it with a port forward too, if only port 8080 is interesting.
But NAT is a better way , as that means all requests would be xlated
Interface OPT1
Proto TCP
Source -- Leave alone
Dest - Single host or alias = 192.168.1.228
Dest port range = 8080
Redirect target ip = 192.168.1.240
Redirect port - Other = 8080
Leave rest as is
-
@bingo600
Yes, I was trying with Port Forwarding.
Thanks for the tip. Everything is in order now - after I changed the settings to your example (ESPs started appearing in blynk app, also the connection works both ways (I can send instructions to the ESPs)).
My issue is finally solved! Thank you both for the fast answers.
-
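Added example (not from any poster in this thread, and not pfSense code): a small Python model of the two redirect rules discussed above, showing which packets each one rewrites. It only models source port, destination address and destination port matching; the sample packets, their source ports and the address 203.0.113.10 are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Redirect:
    src_port: Optional[int]  # None means "any"
    dst_net: str             # CIDR; 0.0.0.0/0 means "any"
    dst_port: int
    target: str
    target_port: int

    def apply(self, p: Packet) -> Optional[Packet]:
        """Return the rewritten packet if the rule matches, else None."""
        if self.src_port is not None and p.sport != self.src_port:
            return None
        if ip_address(p.dst) not in ip_network(self.dst_net):
            return None
        if p.dport != self.dst_port:
            return None
        return Packet(p.src, p.sport, self.target, self.target_port)

# The two rule variants from the thread (TCP on OPT1 assumed for both).
FIRST_TRY = Redirect(8080, "0.0.0.0/0", 8080, "192.168.1.240", 8080)
WORKING = Redirect(None, "192.168.1.228/32", 8080, "192.168.1.240", 8080)

# Constructed packets arriving on OPT1; addresses and source ports are assumptions.
ESP_TO_OLD_SERVER = Packet("192.168.0.101", 49152, "192.168.1.228", 8080)
UNRELATED = Packet("192.168.0.150", 8080, "203.0.113.10", 8080)

def translate_all(rule: Redirect) -> dict:
    """Map each sample packet's name to its destination after the rule."""
    samples = {"esp": ESP_TO_OLD_SERVER, "unrelated": UNRELATED}
    out = {}
    for name, pkt in samples.items():
        hit = rule.apply(pkt)
        out[name] = (hit or pkt).dst
    return out

if __name__ == "__main__":
    print("first attempt:", translate_all(FIRST_TRY))
    print("working rule: ", translate_all(WORKING))
```

In this model the rule with source port 8080 and destination any leaves a client connecting from an ephemeral port untouched while rewriting unrelated port-8080 traffic, whereas the rule scoped to destination 192.168.1.228 rewrites only the connections meant for the old server address.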