Netgate Discussion Forum

    PF Sense Configuration question

    NAT
    5 Posts 2 Posters 667 Views
    rollin1
      last edited by rollin1

      I have pfSense running as a VM in Hyper-V. The VM has 4 interfaces on it: WAN, A, B, C. The main management interface is on interface A. We have an

      Interfaces - WAN, A, B, C

      WAN - 5 static ip's
      Network A - 192.168.5.0/24
      Network B - 192.168.200.0/24
      Network C - 172.16.16.0/24

      FW rules for WAN
      NAT for our RDS Gateway server
      The firewall has a port forward for the public IP for this: TCP HTTPS and UDP 3391 to 192.168.5.28. The firewall has a port forward for the 2nd public IP for this using HTTP and HTTPS to 192.168.5.24.

      FW Rules for Network A
      Deny access to network B
      Deny access to network C
      Allow outbound traffic out of WAN

      FW Rules for Network B
      Deny traffic to management interface on network B
      Deny access to network A
      Deny access to network C
      Allow outbound traffic out of WAN

      Clients are unable to get to NAT for website NAT on Network A
      Clients are also unable to get to the RD Gateway NAT on Network A

      FW Rules for Network C
      Network C has access on 443/3391 to get access to RD Gateway on Network A
      Deny traffic to management interface on network C
      Deny access to network B
      Deny access to network A
      Allow outbound traffic out of WAN

      Clients are unable to get to NAT for website NAT on Network A
      Clients are also unable to get to the RD Gateway NAT on Network A

      pfSense has an outbound static NAT to leave the network as the proper public IP

      How am I going to be able to have Network B and Network C be able to traverse the NAT for our RD Gateway server and website? Does each network need to be on its own VLAN?

      I have played around with changing firewall policies and changing static routes but I was curious if anyone could provide advice.

      rollin1 @rollin1

        I enabled Pure NAT and now I can get to the RD Gateway webpage and the company's webpage.

        I also have "Enable NAT Reflection for 1:1 NAT" checked and "Enable automatic outbound NAT for Reflection" checked too.

        rollin1 @rollin1

          I left these settings and everything worked at the end of the day and I ran into services not starting from a reboot that happened last night.

          Any ideas for my other question above?

        viragomann @rollin1

            @rollin1 said in PF Sense Configuration question:

            How am I going to be able to have Network B and Network C be able to traverse the NAT for our RD Gateway server and website? Does each network need to be on its own VLAN?

            If you're accessing the servers by host names, add host overrides to your DNS and add proper firewall rules.
            Otherwise use the internal IP for accessing.

            rollin1 @viragomann

              @viragomann Pure NAT helped with the NAT problems we were having, and the way I had to hit our RD Gateway server from the other networks was to hit the RD Gateway by its private IP.

              I had to then replicate the same firewall rules we had going from WAN to Network A
              Network B is allowed to hit 192.168.5.28 on Network A on 443, udp 3391 and 3389
              Network C is allowed to hit 192.168.5.28 on Network A on 443, udp 3391 and 3389

              Thanks

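As an added illustration (not code from this thread or from pfSense itself): a small first-match model of the Network B rule set described above, with the firewall's own address on Network B assumed to be 192.168.200.1 since the thread names none. It shows which flows the posted policy passes or blocks, and why the RD Gateway pass rules must sit above the broad "deny Network A" rule or they never match.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # source network CIDR or "any"
    dst: str                    # destination CIDR or "any"
    proto: str = "any"          # "tcp", "udp" or "any"
    dport: Optional[int] = None # destination port, None = any port

def _match(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_ip, proto, dport) -> str:
    """pfSense interface rules are evaluated top-down, first match wins;
    a flow matching nothing hits the implicit default deny."""
    for r in rules:
        if (_match(r.src, src_ip) and _match(r.dst, dst_ip)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action
    return "block"

RDGW = "192.168.5.28"      # RD Gateway on Network A (from the thread)
FW_B = "192.168.200.1"     # assumed: firewall's own address on Network B
NET_B = "192.168.200.0/24"

# Network B rules, in the order they must appear for the final policy to work.
NET_B_RULES = [
    Rule("pass", NET_B, f"{RDGW}/32", "tcp", 443),
    Rule("pass", NET_B, f"{RDGW}/32", "udp", 3391),
    Rule("pass", NET_B, f"{RDGW}/32", "tcp", 3389),
    Rule("block", NET_B, f"{FW_B}/32"),          # no access to the firewall itself
    Rule("block", NET_B, "192.168.5.0/24"),      # deny the rest of Network A
    Rule("block", NET_B, "172.16.16.0/24"),      # deny Network C
    Rule("pass", NET_B, "any"),                  # everything else out via WAN
]

def misordered(rules):
    """Same rules with the broad 'deny Network A' moved to the top: the
    RD Gateway allows become dead rules, a common cause of 'my new allow does nothing'."""
    broad = [r for r in rules if r.action == "block" and r.dst == "192.168.5.0/24"]
    return broad + [r for r in rules if r not in broad]

def check_policy(rules=NET_B_RULES, client="192.168.200.50") -> dict:
    return {
        "rdgw_https":   evaluate(rules, client, RDGW, "tcp", 443),
        "rdgw_udp3391": evaluate(rules, client, RDGW, "udp", 3391),
        "rdgw_rdp":     evaluate(rules, client, RDGW, "tcp", 3389),
        "rdgw_smb":     evaluate(rules, client, RDGW, "tcp", 445),   # not allowed
        "fw_b_https":   evaluate(rules, client, FW_B, "tcp", 443),   # management denied
        "webserver_a":  evaluate(rules, client, "192.168.5.24", "tcp", 443),
        "internet":     evaluate(rules, client, "203.0.113.10", "tcp", 443),
    }
```

Note that the web server at 192.168.5.24 is still blocked from Network B under this rule set; reaching it by private IP needs its own pass rule above the Network A deny, just as the RD Gateway ones do.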
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.