Netgate Discussion Forum

    Nested Firewalls Issues

    Routing and Multi WAN
      ashtonianagain

      I have a WAN IP -> pfsense #1 192.168.1.0/24 -> pfsense #2 10.42.0.0/24. It seemed to be working but then attempting to set up a port forward to forward a WireGuard port from #1 to #2. Now #2 connects and works initially but eventually within <15m #1 starts blocking it according to the fw logs on #1. It just says a default rule. Not sure how to diagnose further or if there is a guide for setting this stuff up, any advice?

        SteveITS Galactic Empire @ashtonianagain

        @ashtonianagain check to see if it is
        https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          ashtonianagain @SteveITS

          @steveits Thanks, that actually looks like what might be going on. Is there any reason why a nested firewall issue would work intermittently? It works and then doesn't and the interface has to be reset. I don't see any interface errors. Not sure how this could be a routing issue. Very confusing.

            SteveITS Galactic Empire @ashtonianagain

            @ashtonianagain Can't speak to Wireguard but we've used it for our office (behind our building router) for many years and have had port forwards set up at several clients that put the router in a DMZ.

            There is a guide at https://docs.netgate.com/pfsense/en/latest/troubleshooting/nat-port-forwards.html but if it connects initially it would seem the forwarding is correct. Unless maybe it's trying to use additional ports?

            There are examples for Wireguard setup.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.