Secure LAN behind corporate LAN



  • Hi everybody!

    I would like to setup a very secure configuration with pfsense. Setup would look like this:

    WAN -> PFSENSE1 -> LAN1 (administration)-> PFSENSE2 -> LAN2(developpers)

    The idea with this concept is to monitor and control people working in LAN2.

    From Pfsense2 I can ping PFsense1, but that's it!

    Any suggestions? What do you need to knowto help?

    Thanks,
    Felix



  • Depends on whether you're NATing on 2, if not, you need a static route on 1 pointing to 2 for the developer subnet



  • I have a static route on 1 pointing to the sunbnet behind 2. Before NATing anything, I'm just trying to browse the web. From a workstation in the dev subnet, I can ping pfsense1, but if I ping Google, I see that DNS are working (so is nslookup), but I get no response. When I try to browse to google.ca, I receive a 118 error, connection timeout…



  • The default LAN rule only allows the LAN subnet, you'll have to open that.


Log in to reply