    Netgate Discussion Forum
    VLAN cannot access private network behind another router

    L2/Switching/VLANs
    • S
      sho1sho1sho1 last edited by

      I have a private network behind my pfsense firewall.

      Router WAN connected to pfsense VLAN 20, Router LAN is 10.0.0.0/8 private network.
      -10.0.0.0/8 Private network
      -VLAN 20 Gateway is 192.168.20.1
      -router WAN IP is 192.168.20.11 dynamically assigned by pfsense VLAN 20 dhcp server
      -router LAN IP is 10.0.0.1

      I am trying to ssh server 10.0.0.198 but cannot get to the server.

      On the router, I set NAT Virtual Server external IP 192.168.20.11 port 22 and internal IP 10.0.0.198 port 22.

      ssh root@192.168.20.11 does not work.

      I can ping 192.168.20.1 and 192.168.20.11. I can get to the router's webgui at 192.168.20.11. But somehow, the port forwarding is not working.

      Does anyone have experience setting this up before?

      Thanks!

      • V
        viragomann @sho1sho1sho1 last edited by

        @sho1sho1sho1
        Possibly pfSense is listening on port 22.
        Check the settings in System > Advanced > Admin Access > Secure Shell Server.

        Maybe change either port.

        • johnpoz
          johnpoz LAYER 8 Global Moderator @sho1sho1sho1 last edited by

          @sho1sho1sho1 said in VLAN cannot access private network behind another router:

          -router WAN IP is 192.168.20.11 dynamically assigned by pfsense VLAN 20 dhcp server
          -router LAN IP is 10.0.0.1

          So if your wan of pfsense is rfc1918 this 192.168.20 address. And you want to get to 10.0.0.x on pfsense lan, if pfsense is doing nat.. Yes you would have to setup a port forward.

          Also you would have to disable the block rfc1918 rule on pfsense wan. This rule blocks source IPs of rfc1918, which I would assume your client you're trying to ssh to this 10.box is on..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 23.01 | Lab VMs CE 2.6, 2.7
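
Both replies above come down to the same question: what, if anything, answers on port 22 at each address. The following is an added example, not code from any poster or from pfSense. It separates a refused connection from a silently dropped one and prints the SSH identification string of whatever does answer. The function names are hypothetical; the two addresses in the main block are the ones given in the thread.

```python
import socket

def parse_ssh_ident(banner):
    """Split an RFC 4253 identification string 'SSH-proto-software [comments]'."""
    if not banner or not banner.startswith("SSH-"):
        return None
    head, _, comments = banner.partition(" ")
    parts = head.split("-", 2)
    if len(parts) != 3:
        return None
    return parts[1], parts[2], comments

def probe(host, port=22, timeout=3.0):
    """Return (state, first_line); state is open, refused, filtered or unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None      # RST came back: reachable, nothing accepts on this port
    except socket.timeout:
        return "filtered", None     # no answer at all: typical of a rule dropping the SYN
    except OSError:
        return "unreachable", None  # no route, host down, or similar
    data = b""
    with sock:
        try:
            # Read only the first line; the timeout set above also applies to recv().
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass  # connected but silent (or reset): report open without a banner
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return "open", line or None

def describe(host, port=22):
    """One-line summary of what the probe found at host:port."""
    state, banner = probe(host, port)
    ident = parse_ssh_ident(banner)
    if ident:
        return f"{host}:{port} {state}, SSH {ident[0]}, software {ident[1]} {ident[2]}".rstrip()
    return f"{host}:{port} {state}, banner={banner!r}"

if __name__ == "__main__":
    # Addresses from the thread: the VLAN 20 gateway and the router's WAN address.
    for target in ("192.168.20.1", "192.168.20.11"):
        print(describe(target))
```

Run it from the client that cannot connect: "filtered" points at a rule dropping the traffic, while a banner shows that some SSH service is answering, and its software string can be compared with the one expected from 10.0.0.198.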
