Connecting to computers on a WAN port



  • Hello, a friend and I have a wireless bridge spanning 1 km, and after 2 years I finally found the time to set up a load balancing server with pfSense. But the firewall prevents me from accessing his network. I'm guessing this is a very easy fix, but I just don't have the knowledge, so if anyone could help me out I'd really appreciate it.

    pfsense server
    le0 83.161.***.***
    le1 172.0.1.0/24 (LAN)
    le2 172.0.0.0/24 gateway 172.0.0.1 (Lan + Internet)

    THE FIX for this problem

    enter the new rule for WAN2
    Protocol any,Source any,Destination any, Gateway default
    enter a new rule for LAN
    Protocol any,Source any,source lan subnet, Destination WAN2 subnet, Gateway default

    make sure the computer is not in the same subnet as WAN2



  • 172.0.1.0 is a public IP; you shouldn't use that.
    Allowed private IPs are:
    192.168.x.x
    172.16.x.x ~ 172.31.x.x
    10.x.x.x

    How did you set up your balancing?
    Did you change your firewall rules to use the balancing pool?
    Also, you need a rule which excludes the range of your friend from the balancer, since you don't want to balance traffic to him. (You cannot reach him over your local WAN.)
    Also, you might be interested that on the "WAN" tab there is an option which disables traffic to private IPs on WAN.



  • pfsense server
    le0 83.161.***.***
    le1 172.0.1.0/24 (LAN)
    le2 172.0.0.0/24 gateway 172.0.0.1 (Lan + Internet)

    My outgoing firewall settings

    The how-to that I followed
    http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

    My friend should also be allowed to access my network and the load balancer



  • Remove your FTP workaround.
    That rule will make it so that all the rules below it will never be seen.



  • Don't think so; it redirects to 127.0.0.1 on the load balancer, it doesn't show in the overview. As it says in the how-to here

    But the load balancing works, it's just that I can't access the computers on the other side of the WAN2 and they can't use the pfSense gateway



  • FTP/NAT-Reflection Workaround
    If you want to connect to a FTP server you need to add this workaround to your LAN tab (or any other internal interface) at the very top of your rules:

    Protocol any,Source any,Destination 127.0.0.1, Gateway default

    Now the packets are forwarded correctly and you can connect to an FTP server. Please note that FTP will always be mapped to WAN only due to the multiport transfer character of this protocol. You also MUST have the ftp-helper enabled at Interfaces>LAN (or any other internal subnet that will use outbound FTP).

    You've misconfigured the FTP workaround rule.
    Your destination is * (everywhere)
    and not 127.0.0.1



  • No I didn't, it's a bug; see attachment

    But that isn't the question: how can the computers on the other side of the WAN2 access my network and pfSense gateway?

    EDIT

    FIXED

    While just browsing the web interface I found there is a WAN2 tab (didn't see that before)

    enter the new rule for WAN2
    Protocol any,Source any,Destination any, Gateway default
    enter a new rule for LAN
    Protocol any,Source any,source lan subnet, Destination WAN2 subnet, Gateway default

    make sure the computer in LAN is not in the same subnet as WAN2
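
An added example, not part of any post in this thread: a small offline check of the three points raised above (subnets outside the private ranges, LAN/WAN2 overlap, and a top-of-list rule hiding the rules below it). The rule names and rule lists are constructed for illustration, and the shadowing check assumes first-match evaluation with every rule set to protocol any.

```python
import ipaddress as ip

# Private ranges as listed in the thread (RFC 1918).
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def non_private(subnets):
    """Names of interface subnets that are not inside any RFC 1918 range."""
    return [name for name, cidr in subnets.items()
            if not any(ip.ip_network(cidr).subnet_of(r) for r in RFC1918)]

def overlapping(subnets):
    """Pairs of interface names whose subnets overlap."""
    items = sorted(subnets.items())
    return [(a, b) for i, (a, ca) in enumerate(items) for b, cb in items[i + 1:]
            if ip.ip_network(ca).overlaps(ip.ip_network(cb))]

def shadowed(rules):
    """First match wins: a rule is shadowed when an earlier rule's source and
    destination both cover it. Returns (shadowed_rule, shadowing_rule) pairs."""
    nets = [(n, ip.ip_network(s), ip.ip_network(d)) for n, s, d in rules]
    out = []
    for j, (name, src, dst) in enumerate(nets):
        for earlier, esrc, edst in nets[:j]:
            if src.subnet_of(esrc) and dst.subnet_of(edst):
                out.append((name, earlier))
                break
    return out

# Interface subnets as posted in the thread.
SUBNETS = {"LAN": "172.0.1.0/24", "WAN2": "172.0.0.0/24"}
LAN_NET, WAN2_NET = SUBNETS["LAN"], SUBNETS["WAN2"]
# Constructed LAN-tab rule lists as (hypothetical name, source, destination).
MISCONFIGURED = [("ftp-workaround", "0.0.0.0/0", "0.0.0.0/0"),
                 ("lan-to-wan2", LAN_NET, WAN2_NET),
                 ("balance-pool", LAN_NET, "0.0.0.0/0")]
# Same list with the workaround's destination set to 127.0.0.1 as the how-to says.
INTENDED = [("ftp-workaround", "0.0.0.0/0", "127.0.0.1/32")] + MISCONFIGURED[1:]

if __name__ == "__main__":
    print("not RFC 1918:", non_private(SUBNETS))
    print("overlapping:", overlapping(SUBNETS))
    print("shadowed (destination any):", shadowed(MISCONFIGURED))
    print("shadowed (destination 127.0.0.1):", shadowed(INTENDED))
```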


