NATting on second WAN doesn't work with "create associated filter rule", only works if "Pass" is used
-
Hi there. I have two WAN and two LAN, and they map to each one 1-to-1.
WAN (static public ip 2.2.2.2) <-> LAN
WANWork (static public ip 3.3.3.3) <-> LANWork
So far I've managed to set all that up, configured all the outbound nat rules and gotten both default and work network fully setup.
Now for the fun part. When I create NAT rules for the default WAN -> LAN, everything works normally.
However when I create NAT rules for the WANWork to a computer on LANWork, things... don't really work.
I even asked a friend who had extensive experience with pfSense and we went back and forth with the firewall rules and nothing worked.
It wasn't until I changed the "Filter rule association" in the NAT that I'm trying to create from "Create new associated filter rule" to simply "Pass" that everything worked fine.
Why doesn't "Create associated firewall rule" work? It's somewhat worrisome that I can't have firewall filters for services behind the WANWork.
Entire firewall rules for the WORKWan:
Any help would be appreciated as I do wanna eventually implement fail2ban for the WORKWan and having default pass on ports is not really an enticing setup.
-
@thething-0 said in NATting on second WAN doesn't work with "create associated filter rule", only works if "Pass" is used:
Why doesn't "Create associated firewall rule" work? It's somewhat worrisome that I can't have firewall filters for services behind the WANWork.
In fact, the associated rule should work as well. Your screens don't show it, so I cannot verify.
Which pfSense version do you run?
Basically you have to take care that the firewall rule is on the interface tab. It must not reside on an interface group or floating tab.
-
@viragomann
Well crud, maybe I spoke too soon. It wasn't working on my old router but now for some reason it works.
I guess the only difference is I've upgraded to the latest version 2.5.2 as I think before I was running 2.5.1 RC2 or something?
Anyways I can tell you I was having this problem but I'm no longer having this problem sooooo....
I guess sometimes changing hardware and updating works ┐( ̄ー ̄)┌
Thanks for the help anyways, I had given up on trying this again so I left the new router with the old "Pass" settings.
-
@thething-0 said in NATting on second WAN doesn't work with "create associated filter rule", only works if "Pass" is used:
I think before I was running 2.5.1 RC2 or something?
Yes, there was a known issue regarding Multi-WAN with this version:
https://redmine.pfsense.org/issues/11805
-
@viragomann Oh thank you so much.
That explains everything. For a moment there I thought I was going crazy :D
Thanks again for the help and clarification o/