Dual WAN - Port Forwarding Problems
-
Hi,
I need this strange setup because here in my student apartment-sharing community we have an ADSL line from Arcor through which we go online. Some weeks ago we noticed that we also have a WLAN signal from the unsecured university WLAN. Therefore I installed a Yagi antenna and put an Atheros card in the pfSense box, and made a rule for the LAN that if someone wants to connect to the "University-VPN-Gateway" he will be redirected to the WLAN. This happens when you start the Cisco VPN client. The advantage of this is that you get an IP from the university network and you are able to access sites like Physical Review and download the papers for free. The Linux box is there because I have 3 computers where I don't want to log in with the Cisco client, because having Windows unsecured on the Internet for a longer time is not a very good idea in my mind.
The thing is, through the WLAN I get 10 Mbit as upload speed, a big difference compared to the 512 from Arcor.
I think pfSense had some things messed up, therefore I restarted from the beginning, and everything is working after some reboots. The only difference right now is that I don't have the "Advanced Outbound rules" enabled. Forwardings are working. Maybe you could clarify for me what exactly this "Advanced Outbound" is for.
I also noticed one thing with FTP on dual WAN: when I was trying to find out what was going wrong I put a static IP on WAN, and I was also able to make a connection from outside to a forwarded FTP server, and also to connect via FTP through OPT1 to an Internet FTP.
After I switched to PPPoE on WAN and enabled the traffic shaper, the FTP helper redirected my FTP connections through WAN instead of sending them through OPT1.
Maybe this is what you consider in your FAQ with "FTP does not work with dual WAN".
Regards
-
Advanced outbound NAT is for when you have multiple IPs at WAN, for example, and want to map special machines or ports to use another IP than the default one for outbound traffic. It can also be used with CARP setups to use the virtual IP instead of the physical one of the machine.
The FTP helper only works for the original WAN. This means FTP connections will always be made through WAN no matter what firewall rules you set. You can disable the FTP helper at all interfaces, but this usually introduces NAT/firewall problems. FTP doesn't work very well behind NAT as it uses more than port 21 to transfer data.
-
OK, I see,
only to get it right: for every local LAN network which I want to let out via WAN or OPT1 I need to make an entry. In my special case it would be: if I enable Advanced Outbound NAT on my setup I would first get the default rule, which I need to go from LAN (192.168.0.0/24 LAN network) > WAN.
Then I must add the following rules:
add a rule for LAN (192.168.0.0/24 LAN network) > WLAN-OptionalNetwork (Atheros card on university network) to use the Cisco client on a LAN host
add a rule for LAN (192.168.0.0/24 LAN network) > WAN2-OptionalNetwork (Linux box, to send some special hosts out this way)
add a rule for Linuxboxout (192.168.195.0/24 Linuxboxout network) > WLAN-OptionalNetwork (Atheros card on university network)
In summary this would be 4 rules.
And if I want to host a Counter-Strike: Source dedicated server, I need to add another outbound map on the interface on which the server is listening, with the "Static Port" option ticked?
-
You are mixing things up a bit here.
1. NAT happens automatically for all Interfaces that have a Gateway unless you have enabled advanced outbound NAT.
2. If it's not a WAN but only another subnet like 192.168.0.0/24, you should add a static route instead of policy-based routing.
3. Incoming NATs (like your Counter-Strike server) are handled by the port forward. These connections are stateful and won't be handled by the outgoing policy-based rules.
-
Hi,
I've got a similar problem.
I've got 2 WANs and I want to route RDP from the OPT1 (WAN2) to an IP in the LAN.
When I do it from the WAN to an IP it works, and when I use the WAN2 interface it doesn't work. So can someone give a solution for this problem?
I don't understand the solution above. Thank you.
Kind regards, Rob
-
What gateway do you use for the firewall rule at your optwan? You should have it at "default".
-
Over here my info:
WAN = DHCP cable
WAN2 = 192.168.1.1 (gateway), 192.168.1.4 (IP)
LAN = 10.10.0.1
PC = 10.10.0.20

Firewall rules:
LAN:
* 10.10.0.20 * * * 192.168.1.1 Default LAN -> any
WAN:
TCP/UDP * * 10.10.0.20 3389 (MS RDP) * NAT RDP laptop
WAN2:
TCP/UDP * * 10.10.0.20 3389 (MS RDP) * NAT RDP laptop

Firewall: NAT: Port Forward
WAN2 TCP/UDP 3389 (MS RDP) 10.10.0.20 (ext.: any) 3389 (MS RDP) RDP laptop
WAN TCP/UDP 3389 (MS RDP) 10.10.0.20 (ext.: any) 3389 (MS RDP) RDP laptop

NAT Outbound:
I tried: IPSec and advanced outbound NAT:
WAN2 10.10.0.0/24 * * * * * NO Auto created rule for LAN
WAN 10.10.0.0/24 * * * * * NO Auto created rule for LAN

RDP works on WAN and not on WAN2.
-
You have a router at your OPTWAN (private IP range). Make sure it actually is passing in the connection.
I just set up an RDP portforward at an OPTWAN to LAN at our office. Works without issues.
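As an added illustration (not the page's own configuration, and not the ruleset pfSense itself generates), this spells out in plain pf.conf syntax what Rob's setup above and Hoba's answers amount to: per-interface outbound NAT (Hoba's point 1 in the first thread), the RDP port forward on WAN2, and the reply-to that makes return traffic leave on the interface the connection arrived on. The interface names em0/em1/em2 are assumed; the addresses are the ones in Rob's post.

```pf
# Added illustration in plain pf.conf syntax, not the ruleset pfSense
# generates. Addresses follow Rob's post; interface names are assumed.
ext_if   = "em0"          # WAN, DHCP cable
wan2_if  = "em1"          # OPT1/WAN2: 192.168.1.4, upstream router 192.168.1.1
lan_if   = "em2"          # LAN: 10.10.0.1/24
lan_net  = "10.10.0.0/24"
rdp_host = "10.10.0.20"

# 1. Outbound NAT, one entry per interface that has a gateway. This is what
#    pfSense does on its own while Advanced Outbound NAT is off; with it on,
#    these are the "Auto created rule for LAN" entries in Rob's list.
nat on $ext_if  inet from $lan_net to any -> ($ext_if)
nat on $wan2_if inet from $lan_net to any -> ($wan2_if)

# 2. Port forwards: RDP arriving on each WAN's own address goes to the LAN host.
#    (Translation rules must precede filter rules in pf.conf.)
rdr on $wan2_if inet proto tcp from any to ($wan2_if) port 3389 \
    -> $rdp_host port 3389
rdr on $ext_if  inet proto tcp from any to ($ext_if)  port 3389 \
    -> $rdp_host port 3389

# 3. Pass rule for the WAN2 forward. reply-to pins the replies of every state
#    created by this rule to WAN2 and its next hop, so answers to a connection
#    that arrived on WAN2 do not leave through the default route on WAN.
#    pfSense adds reply-to to rules on interfaces that have a gateway; leaving
#    the rule's gateway at "default" keeps it that way, whereas selecting a
#    gateway there would policy-route the inbound packets themselves and the
#    forward would stop working.
pass in quick on $wan2_if reply-to ($wan2_if 192.168.1.1) inet proto tcp \
    from any to $rdp_host port 3389 flags S/SA keep state

# 4. Same forward on WAN. WAN is the default route, so replies already go the
#    right way without reply-to.
pass in quick on $ext_if inet proto tcp \
    from any to $rdp_host port 3389 flags S/SA keep state

# Still required outside this box (Hoba's point above): the router at
# 192.168.1.1 must forward TCP 3389 to 192.168.1.4, otherwise the connection
# never reaches $wan2_if and no rule here matters.
```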
-
I know that, but I tried to connect from that local network (without firewall / rules etc.).
PS: when I switch OPT1 with WAN then it works… (I tried that also)
-
I'm wondering if this can be done OK with pfSense too. Hoba suggests yes. I have a webserver that I need (temporarily at least) to be accessible from the Internet via either WAN connection. My first effort was with a commercial dual WAN router = no go (with the OPT connection up, port forwarding on the primary WAN stopped working!). Then I tried putting a 2nd NIC in the server with 2 routers and that didn't work (I couldn't figure out how to get traffic to go out on the gateway matching the incoming connection!), so I am hoping pfSense will work.
If I do this, do I create 2 x NAT port forwards for 80 > webserver, one from OPT and one from WAN, or just one rule with ANY? And are there any other things I should watch out for? Thanks!