Problems with connections to LAN from WAN

  • First of all, I want to mention that we use pfSense 1.2.2 in a similar environment without problems.
    Now I installed pfSense 1.2.3 with WAN, LAN, OPT1 and OPT2 interfaces; every subnet has public IPs. I copied the rules from our old firewall, and internet access from LAN, OPT1 and OPT2 works without any problem. We need to access some services on our subnet from outside, so I introduced an incoming rule on the WAN interface to allow ssh access to an IP x.x.x.x on the LAN subnet; this did not work. To go into more detail, I activated logging in the ssh rule on the WAN and, in addition, introduced an incoming ssh rule on the LAN with logging. The log showed that the ssh request passed the WAN interface but never reached the LAN interface. If I try to ping (with pfSense's ping tool) a LAN address from the WAN, OPT1 or OPT2 interfaces, I don't get any answer, in contrast to our old pfSense installation. It looks to me that routing between the interfaces works from LAN, OPT1 and OPT2 to WAN, but not in the other direction. Have there been changes regarding that between the two versions? I didn't find anything.

  • Rebel Alliance Developer Netgate

    Did you remember to shut off NAT on the new router?

    Firewall > NAT, switch to Manual Outbound NAT, then delete any rules that appear.

  • Thanks for the hint, but this was the first thing I looked for.
    I found my fault; it had nothing to do with pfSense. It was a matter of routing inside the network.