
    Double WAN and access device from the outside

      Yamka

      Hello everyone!

      My pfSense has 2 WANs:
      one by cable and the other one wireless (WIFI), called WAN and WAN-W respectively.
      WAN has a 192.168.X.1 address as it's linked to an intermediary device linked to the internet access.
      WAN-W has a proper IPv4 public address.

      I'm trying to make 192.168.X.X (the device's LAN IP address in my subnet) accessible to/from the outside. This is working and my device can access the internet, but I can't access the device from outside.

      My goal is to be able to access it from outside the LAN (where it's working already), or at least access the desired port with my IPv4 public address from outside.

      I access my firewall on port 9443.

      I can't access https://WAN-Wipaddress:8296 from the outside either. I only can if I'm in the LAN.
      I have tested a few things.

      I have a pass rule on my WAN-W interface with this aspect :
      Protocol : IPv4 TCP
      Source : *
      Port : *
      Destination : WAN-W address
      Port : 8296
      Gateway : *
      …

      I have a pass rule on my WAN-W interface with this aspect :
      Protocol : IPv4 TCP
      Source : *
      Port : 8296
      Destination : 192.168.X.X (the device lan ip address in my subnet)
      Port : 80(HTTP)
      Gateway : *
      …

      I do not understand how I am not capable of accessing anything with https://WAN-Wipaddress:8296. Which means that I can't access 192.168.X.X:8296 from outside either.

      I don't know if it's game-changing information, but I also have a NAT rule:
      Interface : WAN-W
      Protocol : TCP
      Source address : *
      Source Ports : *
      Dest. Address : WAN-W address
      Dest. Ports : 8296
      NAT IP : 192.168.X.X (my device lan ip address)
      NAT Ports : 80 (HTTP)

      Interface : WAN-W
      Protocol : TCP
      Source address : *
      Source Ports : *
      Dest. Address : WAN-W address
      Dest. Ports : 8296
      NAT IP : 192.168.X.X (my lan ip address)
      NAT Ports : 80 (HTTP)

      I have turned off pfBlockerNG and SNORT but it doesn't change anything.

      Am I missing a fundamental concept? Am I mixing things up? My rules seem right.

      Don't hesitate to ask if you need further information.
      Thank you very much :)

        viragomann @Yamka

        @Yamka said in Double WAN and access device from the outside:

        I can't access https://WAN-Wipaddress:8296 from the outside either

        Did you mean the WAN-W address here?

        And when you're talking about a LAN device, is this within the WAN network from the view of pfSense?
        You mentioned the same IP ranges for both, so I assume they are the same. Otherwise you need to use different subnets or bridge the interfaces.

        @Yamka said in Double WAN and access device from the outside:

        I have a pass rule on my WAN-W interface with this aspect :
        Protocol : IPv4 TCP
        Source : *
        Port : *
        Destination : WAN-W address
        Port : 8296
        Gateway : *
        …

        This is obviously not what you really want.

        I have a pass rule on my WAN-W interface with this aspect :
        Protocol : IPv4 TCP
        Source : *
        Port : 8296
        Destination : 192.168.X.X (the device lan ip address in my subnet)
        Port : 80(HTTP)
        Gateway : *

        According to this rule you want to allow access to 192.168.X.X in fact. So you need to state this in the destination of the pass rule as well.
        However, you can also let the NAT rule add an associated pass rule.

          Yamka @viragomann

          @viragomann said in Double WAN and access device from the outside:

          According to this rule you want to allow access to 192.168.X.X in fact. So you need to state this in the destination of the pass rule as well.
          However, you can also let the NAT rule add an associated pass rule.

          Thank you so much! This has helped me resolve my problem. I had in fact misunderstood how things were working, but I've changed my NAT rule this way:

          Interface : WAN-W
          Protocol : TCP
          Source address : * [then restrained it]
          Source Ports : *
          Dest. Address : WAN-W address
          Dest. Ports : 8296
          NAT IP : 192.168.X.X (my device lan ip address)
          NAT Ports : 8296

          @viragomann said in Double WAN and access device from the outside:

          associated pass rule

          Fact is, it couldn't be reached because the device's server simply wasn't on port 80 ahaha.
          I've also added this instead of trying to do it manually, and I can now access my device on port 8296 with the redirection of me reaching WAN-W:8296.

          thank you again :))

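Why the rules from the first post never matched, as an added example that is not part of the thread: pfSense applies the port forward before it evaluates the WAN-W filter rules, so a pass rule has to name the translated destination. The addresses are constructed stand-ins for the elided WAN-W address and 192.168.X.X, and the classes are a hypothetical model, not pfSense code.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample addresses (documentation ranges); the thread elides the real ones.
WAN_W = "203.0.113.10"    # stands in for "WAN-W address"
DEVICE = "192.168.1.50"   # stands in for 192.168.X.X

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:          # one NAT port-forward entry on WAN-W
    dst: str
    dport: int
    nat_ip: str
    nat_port: int

@dataclass(frozen=True)
class PassRule:             # source address is "*" in every rule on the page
    sport: Optional[int]    # None means "*" (any source port)
    dst: str
    dport: int

def translate(pkt, forwards):
    """Step 1: the first matching port forward rewrites the destination."""
    for f in forwards:
        if (pkt.dst, pkt.dport) == (f.dst, f.dport):
            return replace(pkt, dst=f.nat_ip, dport=f.nat_port)
    return pkt

def allowed(pkt, forwards, rules):
    """Step 2: pass rules see the translated packet; no match means default deny."""
    p = translate(pkt, forwards)
    return any((r.sport is None or r.sport == p.sport)
               and (r.dst, r.dport) == (p.dst, p.dport) for r in rules)

# Outside client, ephemeral source port, connecting to WAN-W:8296.
CLIENT = Packet("198.51.100.7", 51514, WAN_W, 8296)
# As first posted: forward to port 80; pass rules on WAN-W:8296 and on source port 8296.
OLD_NAT = [PortForward(WAN_W, 8296, DEVICE, 80)]
OLD_RULES = [PassRule(None, WAN_W, 8296), PassRule(8296, DEVICE, 80)]
# After the fix: forward to 8296, pass rule on the translated destination.
NEW_NAT = [PortForward(WAN_W, 8296, DEVICE, 8296)]
NEW_RULES = [PassRule(None, DEVICE, 8296)]

print(allowed(CLIENT, OLD_NAT, OLD_RULES), allowed(CLIENT, NEW_NAT, NEW_RULES))
```

The first original rule fails because the destination is no longer the WAN-W address once the forward has run, and the second fails because 8296 was entered as the source port, which an outside client does not use.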