Natting problem with pfSense and Cisco 1841 router



  • We have the following configuration:

    Internet
      |
      |
      |
    cisco router 1841 ip: xxx.xxx.xxx.17/28 (public ip)
      |
      |
      |
    pfSense with Snort, Squid, squidGuard:
    wan ip: xxx.xxx.xxx.18/28 (public ip)
    lan ip: xxx.16.1.2/16 (private ip)
    with vlan xxx.17.1.0/16, xxx.18.1.0/16, xxx.19.1.0/16
    static route has been added like
                        Hosp network:xxx.17.0.0/16 gateway xxx.16.1.1 for all vlans.
      |
      |
      |
    Allied Telesis L3 switch with vlan mapping to xxx.16.1.1
      |
      |
    network of 3 vlans and 1 lan.

    Now I want to connect to the web server, which is in the LAN (ip: xxx.16.1.5/16), from the internet.
    I tried different ways, like 1:1, port forward, and static routes, but without success.
    I tested it from outside of my network, but no success.
    I also read the Cisco setup. The Cisco router tech says that I have to make the settings in pfSense for accessing the web server in the private network, as no NAT is done in the router.

    Please help me connect to the web server from the internet.



  • A little further,

    I added this
    1. NAT rule
    WAN TCP 80 (HTTP) xxx.16.1.5 (ext.: xxx.xxx.xxx.18)# 80 (HTTP)

    #wan interface address

    2. Firewall rule (auto added)
    TCP * * 172.16.1.5 80 (HTTP) *

    But no success!!



  • See http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    Your config looks fine, so it's probably one of numbers 2 through 7 under Common Problems. My first guess is 7.



  • Thank you cmb,
    I read the document and tried your guess also. I solved the problem in two steps.

    1. First I tested with the interface address and disabled the firewall on the client.
    It worked.

    2. Then I tried with the virtual IP for an additional public IP. No success.
    Then I unchecked FTP helper on the WAN interface and it worked.

    Actually, I have been trying this for the last 1 week without success, but your 2 hints solved the problem within 10 minutes.

    Thank you once again.

