Netgate Discussion Forum

    Application and Server Communication Between Two pfSense Firewalls

    Firewalling
    • L
      LastDay
      last edited by

      I have a test scenario where I have an application, elastic-agent (behind pfSense Firewall A), that needs to send communication over 8220 and 9200 to my server, elasticsearch (behind pfSense Firewall B). So the communication between A and B needs to pass through these firewalls, and they are on different subnets. I want to know if it is possible for them to communicate with each other, and how I can create these rules. The application elastic-agent (behind pfSense Firewall A) needs to send information to 172.16.1.30:9200 and 172.16.1.30:8220, which is on the other network. How will my subnet see the other? Can anyone please help me?

      f3a3c30a-e32a-4b43-af92-b423de006d15-image.png
      Sorry if this is not the correct topic area.

      • bingo600B
        bingo600 @LastDay
        last edited by bingo600

        @lastday

        1:
        Why is your WAN on two different "nets"??
        192.168.19.x and 192.168.20.x
        In order for that to work you would need a /21 WAN subnet mask (255.255.248.0) on both firewalls.

        2:
        Your default gateway should point to the "Opposite" node
        So on FWA the default gateway should be the IP of FWB (192.168.19.4), and vice versa, FWB should point to (192.168.20.5).

        Edit:
        You have WAN as the communications interface, so there will be NAT/PAT involved.
        You would have to "Expose/PortTranslate" the Server on FWB to the "Outside", and on FWB allow inbound traffic from FWA's WAN IP to the exposed Server NAT IP.

        This is not a beginners task ...

        Edit2:
        I would probably make an OpenVPN LAN-to-LAN tunnel instead.

        /Bingo

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

        • L
          LastDay
          last edited by LastDay

          Hi @bingo600, thanks very much for the answers.

          @bingo600 said in Application and Server Communication Between Two pfSense Firewalls:

          1:
          Why is your WAN on two different "nets"??
          192.168.19.x and 192.168.20.x
          In order for that to work you would need a /21 WAN subnet mask (255.255.248.0) on both firewalls.

          I will verify and check this. The networks of the WAN interfaces need to be /21, right?

          @bingo600 said in Application and Server Communication Between Two pfSense Firewalls:

          2:
          Your default gateway should point to the "Opposite" node
          So on FWA the default gateway should be the IP of FWB (192.168.19.4), and vice versa, FWB should point to (192.168.20.5).

          Did you say that because of the opposite sides of the letters? I didn't quite understand.

          @bingo600 said in Application and Server Communication Between Two pfSense Firewalls:

          Edit:
          You have WAN as the communications interface, so there will be NAT/PAT involved.
          You would have to "Expose/PortTranslate" the Server on FWB to the "Outside", and on FWB allow inbound traffic from FWA's WAN IP to the exposed Server NAT IP.

          I did the following: at FWA I exposed the 9200 and 8220 ports, and at FWB I used a NAT to redirect to the server 172.16.1.30. "It works", I can get some information, but it is not working properly. I am missing some information: the server can't reach the application, but the application can reach the server, though some information is missing. Do I have to do the inverse NAT (at FWB expose ports 9200 and 8220, and at FWA create a NAT rule to redirect to my application)? Is that correct?

          Edit:
          This only works because I have a configuration in elastic-agent that tells it to reach the WAN interface of firewall B; that is the only way to receive information from the elastic-agent. But I think it is more correct to keep reaching elasticsearch at 172.16.1.30, and if I do this, I can't get anything. I don't know if this is right.

          Thanks again.

          • bingo600B
            bingo600 @LastDay
            last edited by

            @lastday said in Application and Server Communication Between Two pfSense Firewalls:

            2:
            Your default gateway should point to the "Opposite" node
            So on FWA the default gateway should be the IP of FWB (192.168.19.4), and vice versa, FWB should point to (192.168.20.5).

            Did you say that because of the opposite sides of the letters? I didn't quite understand.

            Well, since you are using NAT on the WAN and have NATed the server to the outside of FWB, and you will use a /21 WAN subnet mask, a default gateway will not be needed for the communication.

            Edit:
            This only works because I have a configuration in elastic-agent that tells it to reach the WAN interface of firewall B; that is the only way to receive information from the elastic-agent. But I think it is more correct to keep reaching elasticsearch at 172.16.1.30, and if I do this, I can't get anything. I don't know if this is right.
            Thanks again.

            The current setup will only allow communications to be initiated from the Agent to the Server. Once initiated, the server is allowed to answer.


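The two points bingo600 makes above, the /21 WAN mask in the first reply and the "only the agent can initiate, the server may only answer" behaviour in the second, can be checked with a small stateful NAT model. This is an added example and not pfSense code or anything the posters wrote; it uses the addresses quoted in the thread, while the elastic-agent's LAN address (10.10.0.20) and the "stranger" source 192.168.20.99 are constructed. Source ports are kept as-is for simplicity, whereas real PAT may rewrite them.

```python
"""Added example: stateful NAT model of the two-firewall setup in this thread.
Not pfSense code; addresses come from the posts except where marked assumed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

FWA_WAN, FWB_WAN = "192.168.20.5", "192.168.19.4"  # WAN IPs from the thread
SERVER = "172.16.1.30"                             # elasticsearch, from the thread
AGENT = "10.10.0.20"                               # assumed elastic-agent host behind FWA
EXPOSED_PORTS = {9200, 8220}                       # ports forwarded on FWB


def same_wan_segment(ip_a: str, ip_b: str, prefixlen: int) -> bool:
    """True if both WAN addresses fall inside one network of the given prefix.
    192.168.19.4 and 192.168.20.5 are different /24s but share
    192.168.16.0/21 (mask 255.255.248.0), which is the suggested fix."""
    net = ipaddress.ip_network(f"{ip_a}/{prefixlen}", strict=False)
    return ipaddress.ip_address(ip_b) in net


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

    def reply(self) -> "Packet":
        return Packet(self.dst, self.src, self.dport, self.sport)


@dataclass
class Firewall:
    """Simplified pf-like firewall with a LAN side and a NATed WAN side."""
    wan_ip: str
    forwards: dict = field(default_factory=dict)    # dport -> inside host (port forward)
    allowed_src: set = field(default_factory=set)   # sources the WAN pass rule accepts
    out_states: dict = field(default_factory=dict)  # (wan_src, sport, dst, dport) -> inside src
    in_states: set = field(default_factory=set)     # (src, sport, inside_dst, dport)

    def lan_to_wan(self, pkt: Packet) -> Packet:
        """LAN -> WAN: replies to forwarded connections are un-translated back to
        the WAN address; anything else is a new outbound flow (LAN default allow)
        that is source-NATed and tracked so the answer can come back."""
        nat = Packet(self.wan_ip, pkt.dst, pkt.sport, pkt.dport)
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) not in self.in_states:
            self.out_states[(nat.src, nat.sport, nat.dst, nat.dport)] = pkt.src
        return nat

    def wan_to_lan(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: allowed only as the reply half of an outbound state or via a
        port forward whose pass rule matches the source. Everything else is
        dropped (None); this is what stops server-initiated traffic at FWA."""
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.out_states:
            return Packet(pkt.src, self.out_states[key], pkt.sport, pkt.dport)
        inside = self.forwards.get(pkt.dport)
        if pkt.dst == self.wan_ip and inside and pkt.src in self.allowed_src:
            self.in_states.add((pkt.src, pkt.sport, inside, pkt.dport))
            return Packet(pkt.src, inside, pkt.sport, pkt.dport)
        return None


def build_firewalls():
    fwa = Firewall(FWA_WAN)  # nothing exposed on FWA
    fwb = Firewall(FWB_WAN, forwards={p: SERVER for p in EXPOSED_PORTS},
                   allowed_src={FWA_WAN})  # only FWA's WAN IP may use the forward
    return fwa, fwb


def agent_to_server(fwa, fwb, dport=9200, sport=40000):
    """Agent connects to FWB's WAN address (as the agent config in the thread
    does) and the server answers. Returns the reply as the agent sees it."""
    out = fwb.wan_to_lan(fwa.lan_to_wan(Packet(AGENT, FWB_WAN, sport, dport)))
    if out is None:
        return None
    return fwa.wan_to_lan(fwb.lan_to_wan(out.reply()))


def server_to_agent(fwa, fwb, dport=6789):
    """Server initiates toward the agent side: FWA has neither a forward nor a
    matching state, so the packet is dropped at FWA."""
    return fwa.wan_to_lan(fwb.lan_to_wan(Packet(SERVER, FWA_WAN, 50000, dport)))


def stranger_to_server(fwb, src="192.168.20.99"):
    """Another host on the WAN segment hits the exposed port (constructed source):
    the pass rule limited to FWA's WAN IP rejects it."""
    return fwb.wan_to_lan(Packet(src, FWB_WAN, 40001, 9200))


if __name__ == "__main__":
    print("same /24:", same_wan_segment(FWA_WAN, FWB_WAN, 24))
    print("same /21:", same_wan_segment(FWA_WAN, FWB_WAN, 21))
    a, b = build_firewalls()
    print("agent->server reply:", agent_to_server(a, b))
    print("server->agent:", server_to_agent(a, b))
    print("stranger->server:", stranger_to_server(b))
```

Running it shows the /24 check failing and the /21 check passing, the agent's request being forwarded to 172.16.1.30 with the reply translated back, and both the server-initiated and the stranger's packets being dropped, which is why no "inverse NAT" is needed for the reply path but the agent must be the side that opens the connection.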
            • L
              LastDay @bingo600
              last edited by

              @bingo600 said in Application and Server Communication Between Two pfSense Firewalls:

              The current setup will only allow communications to be initiated from the Agent to the Server. Once initiated, the server is allowed to answer.

              So I don't need to do the inverse NAT, correct? So there is some problem with my elastic-agent. Thanks!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.