Double WAN and access device from the outside
-
Hello everyone!
my pfSense has 2 WANs :
one by cable and the other one wireless (WIFI) called WAN and WAN-W respectively
WAN has a 192.168.X.1 address as it's linked to an intermediary device linked to the internet access.
WAN-W has a proper Ipv4 public address.I'm trying to make a 192.168.X.X (the device lan ip address in my subnet) access to/from the outside. This is working and my device can access to internet. but i can't access to the device from outside of it.
My goal is that i want to be able to access to it from outside the LAN.(where it's working already.) or at least access to the desired port with my ipv4 public address from outside.
I access to my firewall on the port 9443.
I can't access to the https://WAN-Wipaddress:8296 either from the outside. I only can if i'm in the LAN.
I have tested a few things.I have a pass rule on my WAN-W interface with this aspect :
Protocol : IPv4 TCP
Source : *
Port : *
Destination : WAN-W address
Port : 8296
Gateway : *
…I have a pass rule on my WAN-W interface with this aspect :
Protocol : IPv4 TCP
Source : *
Port : 8296
Destination : 192.168.X.X (the device lan ip address in my subnet)
Port : 80(HTTP)
Gateway : *
…I do not understand how I am not capable of accessing anything with https://WAN-Wipaddress:8296. Which means that I can't access to 192.168.X.X:8296 from outside either.
I don't know if it's a game-changing information but I also have a NAT rule :
Interface : WAN-W
Protocol : TCP
Source address : *
Source Ports : *
Dest. Address : WAN-W address
Dest. Ports : 8296
NAT IP : 192.168.X.X (my device lan ip address)
NAT Ports : 80 (HTTP)Interface : WAN-W
Protocol : TCP
Source address : *
Source Ports : *
Dest. Address : WAN-W address
Dest. Ports : 8296
NAT IP : 192.168.X.X (my lan ip address)
NAT Ports : 80 (HTTP)I have turned off pfBlockerNG and SNORT but it doesn't change anything.
Am I missing a fondamental concept? Am i mixing things? My rules seem right.
Don't hesitate to ask if you need further informations.
Thank you very much :) -
@Yamka said in Double WAN and access device from the outside:
I can't access to the https://WAN-Wipaddress:8296 either from the outside
Did you mean, the WAN-W address here?
And when you're talking about a LAN device, is this within the WAN network from the view of pfSense?
You mentioned to same IP ranges for both, so I assume, they are the same. Otherwise you need to use different subnets or bridge the interfaces.@Yamka said in Double WAN and access device from the outside:
I have a pass rule on my WAN-W interface with this aspect :
Protocol : IPv4 TCP
Source : *
Port : *
Destination : WAN-W address
Port : 8296
Gateway : *
…This is obviously not, what you really want.
I have a pass rule on my WAN-W interface with this aspect :
Protocol : IPv4 TCP
Source : *
Port : 8296
Destination : 192.168.X.X (the device lan ip address in my subnet)
Port : 80(HTTP)
Gateway : *According this rule you want to allow access to 192.168.X.X in fact. So you need to state this in the destination of the pass rule as well.
However, you can also let the NAT rule add an associated pass rule. -
@viragomann said in Double WAN and access device from the outside:
According this rule you want to allow access to 192.168.X.X in fact. So you need to state this in the destination of the pass rule as well.
However, you can also let the NAT rule add an associated pass rule.thank you so much! this has helped me resolve my problem, i had in fact misunderstood how things were working but i've changed my NAT rule this way :
Interface : WAN-W
Protocol : TCP
Source address : * [then restrained it]
Source Ports : *
Dest. Address : WAN-W address
Dest. Ports : 8296
NAT IP : 192.168.X.X (my device lan ip address)
NAT Ports : 8296@viragomann said in Double WAN and access device from the outside:
associated pass rule
Fact is it couldn't reach because the device's server simply wasn't on the port 80 ahaha.
I've also added this instead of trying to do it manually and i can now access my device on port 8296 with the redirection of me reaching the WAN-W:8296.thank you again :))