Forwarding traffic to IPSEC?



  • Hi,

    I have a "simple" problem.

    I have one pfSense box with a dynamic IP & ADSL. I can't have more public IPs from my ISP, but I have to open two SSL websites.
    So I built another pfSense box in a datacenter with 2 public IPs.
    I created an IPsec tunnel between the pfSense boxes; it's working.

    pfSense Box 1: DHCP for WAN / 192.168.1.254 LAN Net
    pfSense Box 2: WAN IP / 192.168.201.222 + 1 virtual IP

    From pfSense box 2, I can ping 192.168.1.6

    Now I just want to redirect the virtual IP to 192.168.1.6 …

    Is this possible?

    I tried NAT (port 80), I tried 1:1, nothing is working...

    Thanks

    Guldil



  • I think the problem is that the web server's default gateway sends traffic back directly to the client's public IP, to the internet.

    If you can do outbound NAT on the firewall to translate the client IP to the firewall IP (192.168.1.254), then the server can send traffic back to the correct link.



  • No, it's not working… I have an error in the firewall from pfSense box 1: traffic from a client to 192.168.1.6:80 is "blocked"...
    I created a rule to pass, same result.



  • Can you monitor the traffic on the console or via the web GUI to see what is happening to the packet traffic?



  • I moved to a GRE tunnel over IPsec.

    Now I have one more interface on pfSense and I can ping the remote side with it from the GUI.
    I left the GRE interface on "none", I added a gateway for GRE and added a route for the remote LAN subnet.

    From pfSense box 2 (192.168.201.222), I can ping my web server 192.168.1.6, and from pfSense box 1 (192.168.1.254), I can ping pfSense box 1 (192.168.201.222).
    I can ping with the GRE IP address (172.31.2.10).

    But from the server behind pfSense, I can't ping the remote side?

    Is it a problem with outbound NAT, maybe?

