Configure NAT to access internal servers on wan port



  • Our branch office is unable to connect to our internal network for some reason.  However we can connect to the branch office domain controller from behind PfSense.  I would like some assistance with setting-up NAT to correct this issue please, if NAT is whats needed.

    The following is our setup:

    |Branch DC - 192.168.0.101
    |
    |Branch Firewall (Cisco RV082) - 192.168.0.2
    |
    |(Internet - VPN)
    |
    |Local Firewall  (Cisco RV082) - 192.168.3.1
    |
    |PFSense WAN port - 192.168.3.100
    |PFSense LAN port- 192.168.1.1
    |
    |
            DC1 - 192.168.1.2|DC2 - 192.168.1.4

    • Branch DC can ping and connect to PFSense WebGUI on the WAN port successfully (we set this up using the documentation).
    • DC1 and DC2 can connect outbound to the Branch DC.

    Our firewall rules are set to allow all traffic on the LAN and WAN ports.
    Currently "block private and bogon networks" are disabled on both ports.

    • The firewalls mentioned are Cisco RV082's.  Connected via Site-to-Site VPN.

    • We only have one PFSense box. What I listed was on the ethernet0 and ethernet1 ports.

    As you can see, the "WAN IP" of PfSense is actually an IP received from our firewall since PfSense is not connected directly to the internet.  I have actually been trying to figure out the NAT configuration as I type.

    It would be ideal to just disable the firewall altogether since we already have a firewall but when we do this, PfSense doesn't allow any internal traffic at all  :-.  I look forward to any assistance and thank you ahead of time.



  • alltime…

    Just a thought since you don't need the wan port and your already behind the firewall.
    What would happen if you added an additional LAN port and have any-any rule for incoming traffic?
    I responded to your other thread and suggested blocked UDP however this seems more like a rule blocking than nat but I may be wrong...

    H.



  • Hmeister,

    Thank you for your assistance, I went ahead and responded at http://forum.pfsense.org/index.php/topic,37661.0.html

    I will continue to use the other thread only to reduce duplicates.


Locked