Netgate Discussion Forum

    Chat server behind double nat and multi wan

    Routing and Multi WAN
      AlexanderK

      Hello everyone,

      I have a pfSense with many static public IPs.

      Behind this I have another pfSense and then a chat server (Openfire), as in the following diagram:

      [Image: network diagram]

      The server has IP 192.168.106.100.
      The 1st pfSense's internal IP is 192.168.93.17 and the external IP of the second pfSense is 192.168.93.18.
      (Both pfSenses have many interfaces, there are many servers, and the pfSenses cannot be merged: different floors, many IPs to use and numerous servers.)

      The server has as its gateway the internal IP of the 1st pfSense (192.168.93.17), and traffic is also NATted.
      The 1st pfSense has one static IP as its gateway, and traffic is also NATted.

      The server shows the external IP of the 1st pfSense (static) as its external public IP.

      In the opposite direction, I have port forwarded the external IP and port of the 1st pfSense to the external IP and port of the 2nd pfSense. Traffic is NATted.
      Then from the external IP and port of the 2nd pfSense I port forward them to the port of the server.

      Everything works and I have no issues...
      But in the admin console of the chat I can see the clients with the same IP... the internal IP of the 1st pfSense, 192.168.93.17.

      I tried many scenarios, disabling some NATs, but every time I have connectivity issues.

      Can you help me by proposing solutions and tactics? If it is possible, I want to have the public IPs of the clients in the chat server.

      Thanks in advance

        viragomann @AlexanderK

        @alexanderk
        This is done by the outbound NAT.
        So check the outbound NAT settings of the first pfSense. Any rule there on the internal interface?

          SteveITS Galactic Empire @AlexanderK

          @alexanderk I'm not quite clear where the clients are, out on the Internet? In the simple sense it should work to just make a NAT forward on pfSense1 to 192.168.93.18, which also has a NAT forward to 192.168.106.100.

          Everything on the LAN of pfSense1 would either need to use NAT reflection using its WAN IP, or connect to 192.168.93.18.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

            AlexanderK @SteveITS

            @steveits The clients are out on the Internet.

            Everything is working. I don't have any issues.
            The issue is that with this configuration I am losing the public IPs of the clients on the chat server.
            I need a proposal for fixing this.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.