Netgate Discussion Forum

    Configure NAT to access internal servers on wan port

    • alltime

      Our branch office is unable to connect to our internal network for some reason. However, we can connect to the branch office domain controller from behind PfSense. I would like some assistance with setting up NAT to correct this issue please, if NAT is what's needed.

      The following is our setup:

      |Branch DC - 192.168.0.101
      |
      |Branch Firewall (Cisco RV082) - 192.168.0.2
      |
      |(Internet - VPN)
      |
      |Local Firewall  (Cisco RV082) - 192.168.3.1
      |
      |PFSense WAN port - 192.168.3.100
      |PFSense LAN port- 192.168.1.1
      |
      |
              DC1 - 192.168.1.2|DC2 - 192.168.1.4

      • Branch DC can ping and connect to PFSense WebGUI on the WAN port successfully (we set this up using the documentation).
      • DC1 and DC2 can connect outbound to the Branch DC.

      Our firewall rules are set to allow all traffic on the LAN and WAN ports.
      Currently "block private and bogon networks" is disabled on both ports.

      • The firewalls mentioned are Cisco RV082s, connected via Site-to-Site VPN.

      • We only have one PFSense box. What I listed was on the ethernet0 and ethernet1 ports.

      As you can see, the "WAN IP" of PfSense is actually an IP received from our firewall since PfSense is not connected directly to the internet.  I have actually been trying to figure out the NAT configuration as I type.

      It would be ideal to just disable the firewall altogether since we already have a firewall, but when we do this, PfSense doesn't allow any internal traffic at all. I look forward to any assistance and thank you ahead of time.

      • hmeister

        alltime…

        Just a thought, since you don't need the WAN port and you're already behind the firewall.
        What would happen if you added an additional LAN port and have an any-any rule for incoming traffic?
        I responded to your other thread and suggested blocked UDP; however, this seems more like a rule blocking than NAT, but I may be wrong...

        H.

        Best Regards;
        H.

        • alltime

          Hmeister,

          Thank you for your assistance. I went ahead and responded at http://forum.pfsense.org/index.php/topic,37661.0.html

          I will continue to use the other thread only to reduce duplicates.
