Netgate Discussion Forum

    Access from internet router to LAN

    General pfSense Questions
    11 Posts 3 Posters 936 Views
    • M
      macaruchi
      last edited by

      Hi!
      I have a pfSense server with 2 internet routers working in failover, but now I need to do a port forward from RT1 to a LAN host and I can't get it
      4d7f486a-49fc-4145-932b-14e4ce050737-Untitled.jpg

      I need to get access from RT1 to the LAN2 host. In RT1 I have the net 192.168.1.0 and my LAN is 10.0.0.0. RT1 is connected to pfSense and the LAN NIC to a switch from pfSense.

      What rule do I need to make for accessing the LAN2 host from RT1 in rules?

      TIA

      Any clues?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @macaruchi
        last edited by

        @macaruchi is the connection from rt-1 itself, i.e. some rfc1918 address - this 192.168.1 address, or is it some public IP? Coming through rt1?

        If it's from a 192.168.1 address, the block rfc1918 rules that are default on any wan interface would prevent that traffic. So no, your port forward wouldn't work.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        M 1 Reply Last reply Reply Quote 1
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Yup that. ^ Otherwise nothing special should be required. What have you tried so far? How did it fail?

          M 1 Reply Last reply Reply Quote 0
          • M
            macaruchi @johnpoz
            last edited by

            @johnpoz said in Access from internet router to LAN:

            > @macaruchi is the connection from rt-1 itself, i.e. some rfc1918 address - this 192.168.1 address, or is it some public IP? Coming through rt1?

            RT1 has 2 IPs, a WAN IP and a LAN IP. LAN IP = 192.168.1.1; this is connected directly to the pfSense interface with static IP address 192.168.1.2

            > If it's from a 192.168.1 address, the block rfc1918 rules that are default on any wan interface would prevent that traffic. So no, your port forward wouldn't work.

            The interface doesn't have RFC1918 blocked, that is its default, in this interface, BOGON Networks,

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @macaruchi
              last edited by

              @macaruchi what is the source IP in the traffic you're trying to allow? If not rfc1918, or bogon - then you would still need to allow the access you want, either to the pfsense wan, or via a port forward.

              Also make sure there are no overlapping networks.. Pfsense normally prevents you from creating them, but if your wan interfaces are dhcp then sure there could be overlaps with your lan or both your wan networks.

              1 Reply Last reply Reply Quote 0
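The two checks raised in the reply above (is the source address caught by the WAN's block-RFC1918 rule, and do any interface networks overlap), as an added example that is not part of the original thread. The function names, the interface labels and the WAN2 address are assumptions made for illustration; the WAN1 and LAN values are the ones quoted in the thread, and the rule is modelled as the three RFC 1918 ranges only.

```python
import ipaddress
from itertools import combinations

# RFC 1918 private ranges: what the thread's "block rfc1918" WAN rule refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_match(src_ip, block_private_enabled):
    """Return the RFC 1918 range that would drop src_ip on this WAN, or None."""
    if not block_private_enabled:
        return None
    addr = ipaddress.ip_address(src_ip)
    return next((net for net in RFC1918 if addr in net), None)


def overlapping(interfaces):
    """interfaces maps name -> 'address/prefix'. Return overlapping name pairs."""
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def diagnose(src_ip, interfaces, block_private_enabled):
    """Collect human-readable findings for one inbound source address."""
    findings = []
    hit = rfc1918_match(src_ip, block_private_enabled)
    if hit is not None:
        findings.append(f"{src_ip} is in {hit}: dropped by the WAN block-private rule")
    for a, b in overlapping(interfaces):
        findings.append(f"{a} and {b} overlap: routing to either is ambiguous")
    return findings


if __name__ == "__main__":
    # WAN1 and LAN are the thread's addresses; the WAN2 DHCP lease is constructed.
    ifaces = {"WAN1": "192.168.1.2/24", "LAN": "10.0.0.0/24",
              "WAN2": "10.0.0.50/16"}
    # RT1's LAN-side address, then a public address from a documentation range.
    for src in ("192.168.1.1", "203.0.113.7"):
        print(src, diagnose(src, ifaces, block_private_enabled=True))
```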
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                If it's from a public IP it would also need to be forwarded through RT1.

                M 1 Reply Last reply Reply Quote 0
                • M
                  macaruchi @stephenw10
                  last edited by

                  @stephenw10 said in Access from internet router to LAN:

                  > Yup that. ^ Otherwise nothing special should be required. What have you tried so far? How did it fail?

                  I think the same but I can't access the 10.0.0.0/24 network :(

                  1 Reply Last reply Reply Quote 0
                  • M
                    macaruchi @stephenw10
                    last edited by

                    @stephenw10 said in Access from internet router to LAN:

                    > If it's from a public IP it would also need to be forwarded through RT1.

                    Yes! This is what I am trying to do, but from RT1 I can't get to the LAN network. The DHCP from RT1 is disabled

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @macaruchi
                      last edited by

                      @macaruchi well let's see your port forwards.. You sure it's not just the host blocking the access.

                      First thing I would suggest in any port forwarding troubleshooting is validate the traffic actually gets to pfsense wan. Pfsense can not forward what it never sees.

                      Go to like can you see me . org - sniff on the wan interface of pfsense and send some traffic..

                      Here's a simple test that takes 10 seconds. Sent a port, don't even have it forwarded or anything but can see that it actually gets to pfsense wan.

                      sniff.jpg

                      Did you set up the port forward on rt1 to send whatever traffic you're trying to forward on pfsense to pfsense wan?

                      M 1 Reply Last reply Reply Quote 0
                      • M
                        macaruchi @johnpoz
                        last edited by

                        @johnpoz said in Access from internet router to LAN:

                        > @macaruchi well let's see your port forwards.. You sure it's not just the host blocking the access.
                        >
                        > First thing I would suggest in any port forwarding troubleshooting is validate the traffic actually gets to pfsense wan. Pfsense can not forward what it never sees.
                        >
                        > Go to like can you see me . org - sniff on the wan interface of pfsense and send some traffic..
                        >
                        > Here's a simple test that takes 10 seconds. Sent a port, don't even have it forwarded or anything but can see that it actually gets to pfsense wan.
                        >
                        > sniff.jpg

                        No, it doesn't

                        > Did you set up the port forward on rt1 to send whatever traffic you're trying to forward on pfsense to pfsense wan?

                        Yes

                        johnpozJ 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @macaruchi
                          last edited by johnpoz

                          @macaruchi said in Access from internet router to LAN:

                          > No, it doesn't

                          So how would you expect pfsense to forward something that never gets to pfsense?

                          Either you don't have the forward set up correctly in the router in front of pfsense, or the traffic is never even getting to that router for it to forward.. You sure when you went to can you see me that the IP it sent the traffic to was the router's wan IP that you set up the forward to pfsense wan IP?

                          1 Reply Last reply Reply Quote 1
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.