Secure LAN behind corporate LAN
I would like to set up a very secure configuration with pfSense. The setup would look like this:
WAN -> PFSENSE1 -> LAN1 (administration) -> PFSENSE2 -> LAN2 (developers)
The idea with this concept is to monitor and control people working in LAN2.
From pfSense2 I can ping pfSense1, but that's it!
Any suggestions? What do you need to know to help?
Depends on whether you're NATing on 2. If not, you need a static route on 1 pointing to 2 for the developer subnet.
I have a static route on 1 pointing to the subnet behind 2. Before NATing anything, I'm just trying to browse the web. From a workstation in the dev subnet, I can ping pfsense1, but if I ping Google, I see that DNS is working (so is nslookup), but I get no response. When I try to browse to google.ca, I receive a 118 error, connection timeout…
The default LAN rule only allows the LAN subnet; you'll have to open that.
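
The two checks discussed in the replies (a static route on 1 for the developer subnet, and a LAN rule on 1 that accepts that subnet as a source) can be modelled as below. This is an added example, not part of the original thread and not pfSense code. The subnets, gateway address and names are constructed assumptions, and the model covers only first-match rule evaluation and longest-prefix routing.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption, not taken from the thread).
LAN1 = ipaddress.ip_network("192.168.1.0/24")   # administration, behind pfSense1
LAN2 = ipaddress.ip_network("192.168.2.0/24")   # developers, behind pfSense2
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "block"

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    d = ipaddress.ip_address(dst)
    hits = [(net, gw) for net, gw in routes if d in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def diagnose(rules, routes, src, dst):
    """Check both halves of a routed (non-NAT) flow crossing pfSense1."""
    return {
        "outbound_rule": evaluate(rules, src, dst),   # LAN interface ruleset on 1
        "return_next_hop": next_hop(routes, src),     # where 1 sends the replies
    }

DEFAULT_LAN_RULES = [Rule("pass", LAN1, ANY)]               # default: LAN net only
FIXED_LAN_RULES = DEFAULT_LAN_RULES + [Rule("pass", LAN2, ANY)]
ROUTES_NO_STATIC = [(ANY, "wan-gateway"), (LAN1, "directly-connected")]
ROUTES_STATIC = ROUTES_NO_STATIC + [(LAN2, "192.168.1.2")]  # pfSense2's LAN1-side address

if __name__ == "__main__":
    dev_host, internet = "192.168.2.50", "203.0.113.10"     # constructed sample flow
    for name, rules in (("default", DEFAULT_LAN_RULES), ("fixed", FIXED_LAN_RULES)):
        print(name, diagnose(rules, ROUTES_STATIC, dev_host, internet))
```

Scoping the added rule's source to the developer subnet, rather than to any, keeps the LAN interface on 1 from passing traffic with arbitrary source addresses.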