• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Accessing LAN from a specific IP from WAN

Scheduled Pinned Locked Moved Firewalling
10 Posts 3 Posters 399 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    maltepk
    last edited by Dec 14, 2024, 11:34 AM

    Hello everyone,

    last week I got my first installation of pfSense running and I was able to get some bsic things working. During the whole process I'm learning a lot about networks but my overall knowledge is still near zero.
    My Network looks roughly like this:

    Internet (fiber) --- AVM Fritzbox (192.168.188.0/24) --- pfSense --- Homelab (192.168.11.0/24)

    Now I would like to connect from one of my devices, that is connected to the Wifi network of the Fritzbox to my homelab services. Unfortunately I have no idea how to solve that problem and open the access for a specific device.

    I would really appreciate some help.

    V 1 Reply Last reply Dec 14, 2024, 6:47 PM Reply Quote 0
    • V
      viragomann @maltepk
      last edited by Dec 14, 2024, 6:47 PM

      @maltepk
      You have to add a static route on the Fritzbox for 192.168.11.0/24 and point it to pfSense WAN.

      And on pfSense go to the WAN interface settings and disable "block private networks".

      M 1 Reply Last reply Dec 14, 2024, 6:59 PM Reply Quote 0
      • M
        maltepk @viragomann
        last edited by Dec 14, 2024, 6:59 PM

        @viragomann 54561298-4f4c-4a53-94e8-2e5adc3bb366-image.png I have set the static route ans disabled the WAN "block private networks". Unfortunately it didn't do the trick.

        Or is the gateway IP I've set in the static route wrong? It is the IP of the WAN of pfSense

        V 1 Reply Last reply Dec 15, 2024, 9:22 PM Reply Quote 0
        • V
          viragomann @maltepk
          last edited by Dec 15, 2024, 9:22 PM

          @maltepk
          Yes, the gateway has to be the WAN IP of pfSense.
          But as network you have to state the network address, which is 192.168.11.0/24.

          Also ensure that your home lab devices, which you want to connect to, allow access from outside of their own subnet. By default this is blocked by their own system firewall.

          M 1 Reply Last reply Dec 17, 2024, 4:25 PM Reply Quote 0
          • M
            maltepk @viragomann
            last edited by Dec 17, 2024, 4:25 PM

            @viragomann said in Accessing LAN from a specific IP from WAN:

            @maltepk
            Yes, the gateway has to be the WAN IP of pfSense.
            But as network you have to state the network address, which is 192.168.11.0/24.

            Also ensure that your home lab devices, which you want to connect to, allow access from outside of their own subnet. By default this is blocked by their own system firewall.

            Unfortunately I'm not yet able to access my devices. Are there any other settings I need to change in the pfSense?

            T V 2 Replies Last reply Dec 17, 2024, 5:52 PM Reply Quote 0
            • T
              the other @maltepk
              last edited by Dec 17, 2024, 5:52 PM

              @maltepk
              You added that static route in fritzbox gui, okay.
              You disabled "Block private networks" inpfsense WAN Interface, done.
              But did you add a rule (WAN Interface) for that ONE IP you want to use to access your network(s) behind pfsense?
              Something like

              Source IP.YOU.WANT allow Destination LAN (or your subnet VLAN XY) Ports AS WANTED/ALL etc.

              the other

              pure amateur home user, no business or professional background
              please excuse poor english skills and typpoz :)

              M 1 Reply Last reply Dec 17, 2024, 8:30 PM Reply Quote 0
              • V
                viragomann @maltepk
                last edited by Dec 17, 2024, 6:00 PM

                @maltepk said in Accessing LAN from a specific IP from WAN:

                Are there any other settings I need to change in the pfSense?

                No. It should work.

                I suspect, that your LAN device blocks the access.

                To investigate use Diagnostic > Packet Capture to sniff the traffic on the LAN.
                E.g. with pinging a LAN device, state icmp for the protocol and the destination IP at the IP / hosts filter. Start the capture and try to ping the machine from outside.
                What do you get?

                1 Reply Last reply Reply Quote 0
                • M
                  maltepk @the other
                  last edited by Dec 17, 2024, 8:30 PM

                  @the-other said in Accessing LAN from a specific IP from WAN:

                  @maltepk
                  You added that static route in fritzbox gui, okay.
                  You disabled "Block private networks" inpfsense WAN Interface, done.
                  But did you add a rule (WAN Interface) for that ONE IP you want to use to access your network(s) behind pfsense?
                  Something like

                  Source IP.YOU.WANT allow Destination LAN (or your subnet VLAN XY) Ports AS WANTED/ALL etc.

                  This helped me to get access. Thank you!

                  T V 2 Replies Last reply Dec 17, 2024, 9:22 PM Reply Quote 0
                  • T
                    the other @maltepk
                    last edited by Dec 17, 2024, 9:22 PM

                    @maltepk
                    :)

                    the other

                    pure amateur home user, no business or professional background
                    please excuse poor english skills and typpoz :)

                    1 Reply Last reply Reply Quote 0
                    • V
                      viragomann @maltepk
                      last edited by Dec 17, 2024, 9:32 PM

                      @maltepk
                      You didn't even add a rule to allow this?
                      pfSense is a firewall! 🙄

                      1 Reply Last reply Reply Quote 0
                      10 out of 10
                      • First post
                        10/10
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received