How to do Communication between 2 networks
-
Hi!
I have 2 internet ISP and both come in to pfsense. These accounts have the address
192.168.0.0/24 Wan1
192.168.1.0/24 Wan2
and my LAN is 10.0.0.0/24 LAN
Each network has a different NIC
My problem is that I can't communicate from W1 or W2 to LAN. I added this rule for this
but it doesn't work!!
If I do a ping from W2 to any host in the LAN it doesn't work
What is the rule that I need to put?
TIA
-
@macaruchi
Firewall rules must be added to that interface, where the traffic is coming into pfSense.
So if you want to allow access from WAN2 you have to put this rule on WAN2.
However, it is not clear which access you really want to allow here.
"WAN2_CENSOL net" is only the subnet which is defined on this interface, i.e. 192.168.1.0/24.
If you really want to allow access from this subnet only, but not from the whole internet, you also need to go to the interface settings and remove the check at "block private networks" if any, which is set by default on WAN interfaces.
-
The block is disabled, but if I try to ping from 192.168.1.2 to 10.0.0.109 (the first IP is the local IP in this segment for pfSense), I can't; the ping never works.
I think I need this bc I am trying to do a port forward to 10.0.0.109 HTTPS and access it from the internet, but I can't do this yet
I did the port forward from the ISP router to pfSense, but now I need to go to the webserver and I can't reach the webservice
-
@macaruchi
For ping you have to allow ICMP. Your shown rule only covers TCP.
Accessing an IP behind pfSense does not require a port forwarding, just a proper pass rule to allow it.
Also consider that the destination device can block the access by its own internal firewall. So you possibly have to add a rule there as well.
-
@viragomann
the webserver doesn't have a firewall, for now
the idea is to be able to access from the internet the webserver behind pfSense, like
https://myserver.com:8443/script.php
I am looking for info about this topic and everybody tells me that I need to do a port forward rule to pass traffic from
ISP router -> PfSense -> WebServer
-
@macaruchi said in How to do Communication between 2 networks:
ISP router -> PfSense -> WebServer
The question is, if the source address (which pfSense is seeing) is the ISP router or something in the internet.
Normally it should be the public IP of the client.
This
192.168.1.2 to 10.0.0.109
is a different thing altogether.
I said there is no need for a port forward to pass traffic from one subnet which is connected to pfSense to another, as you mentioned you cannot ping between these.
If you have enabled traffic forwarding to pfSense on the ISP router, the destination IP in the packets is the WAN IP of pfSense, but not the IP of the device behind. In this case you have to forward the traffic on pfSense as well.
But this is not what you requested before.
Maybe you can give more details about your setup and what you are trying to achieve.
-
@viragomann
OK
I need to do this call https://myserver.com:8443/script.php, this server is behind pfSense
To get this I did this
ISP Router -> PfSense -> WebServer
I did a port forward on the ISP router and pointed port 8443 to 443 on the pfSense server. Until now this works bc when I call https://myserver.com:8443 I get the pfSense GUI, so this port forward is working bc it is coming to pfSense.
Now I need to go through pfSense and arrive at the webserver, which is not pfSense
for this I did this
Create a rule in pfSense NAT
WAN2_Censol is the interface where the traffic comes in, so I am trying to redirect that traffic to server 10.0.0.109 port 443
My PfSense has 3 NIC
1-WAN1 - 192.168.0.2
2- WAN2 - 192.168.1.2
3- LAN - 10.0.0.2
LOCAL IP for ISP router 192.168.1.1
These are the rules in the WAN2 interface
The last rule is automatic when I do the NAT
So finally the need is to be able to access the webserver, which is 10.0.0.109, using port 8443, but from the internet: https://myserver.com:8443
https://myserver.com:8443, if I do it now, works, showing me the pfSense GUI.
I think that because the server is on another network, which is not WAN2 but LAN, it cannot be reached since there is no communication between these two subnets; that is, if I ping from 192.168.1.2 to 10.0.0.109 the ping does not work, although there is a rule that says that traffic coming from WAN2 can reach the LAN
Really this should be so easy but I can't solve this. I suppose it must be my error but I don't know where. I have done all that to get a webserver behind pfSense but nothing works
I hope this is enough to understand the scenario
TIA
-
@macaruchi
All clear now.
I see this issue:
On the ISP router, you forwarded traffic on port 8443 to <pfSenseWAN2>:443
On pfSense, you forwarded traffic from WAN2:8843 to <webserver>:443
But pfSense doesn't get the packets on port 8443, but on 443. So you need to change the destination port in the forwarding to 443.
You should also change the WebGUI port to anything else. You can do this in System > Administration.
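The port mismatch diagnosed in the last reply, traced hop by hop in a small model. This is an added example, not part of the thread and not pfSense code. The public address 203.0.113.10 is a constructed placeholder, the pfSense rule is taken to match 8443 as in the original poster's description, and "forward rules are checked before local listeners" is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Forward:
    match_port: int   # destination port the packet must arrive on
    target_ip: str
    target_port: int

@dataclass
class Hop:
    name: str
    ip: str                                    # address the packet is sent to
    forwards: list = field(default_factory=list)
    local: dict = field(default_factory=dict)  # port -> service on the device itself

def trace(hops, dst_ip, dst_port, servers):
    """Follow one inbound TCP connection; return (path, final endpoint)."""
    by_ip = {h.ip: h for h in hops}
    path = []
    for _ in range(len(hops)):                 # each device rewrites at most once
        hop = by_ip.get(dst_ip)
        if hop is None:
            break
        rule = next((f for f in hop.forwards if f.match_port == dst_port), None)
        if rule is None:                       # no forward: the device itself answers
            path.append(f"{hop.name}:{dst_port} (no forward matches)")
            return path, f"{hop.name} {hop.local.get(dst_port, 'no listener')}"
        path.append(f"{hop.name}:{dst_port} -> {rule.target_ip}:{rule.target_port}")
        dst_ip, dst_port = rule.target_ip, rule.target_port
    return path, servers.get((dst_ip, dst_port), "unreachable")

PUBLIC_IP = "203.0.113.10"                     # constructed placeholder
SERVERS = {("10.0.0.109", 443): "webserver HTTPS"}

def build(pf_match_port):
    """Topology from the thread; only the pfSense match port varies."""
    isp = Hop("ISP router", PUBLIC_IP, [Forward(8443, "192.168.1.2", 443)])
    pf = Hop("pfSense WAN2", "192.168.1.2",
             [Forward(pf_match_port, "10.0.0.109", 443)], {443: "WebGUI"})
    return [isp, pf]

def reach(pf_match_port):
    return trace(build(pf_match_port), PUBLIC_IP, 8443, SERVERS)[1]

if __name__ == "__main__":
    for port in (8443, 443):                   # rule as configured, then corrected
        path, end = trace(build(port), PUBLIC_IP, 8443, SERVERS)
        print(f"pfSense rule matches {port}: {' | '.join(path)} => {end}")
```

With the rule matching 8443 the connection ends at the pfSense WebGUI, which is what the original poster observed; with the rule matching 443 it reaches 10.0.0.109.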