Forward webconfigurator interface from one machine to another one
-
So, in my network setup I have two pfSense machines chained in series to each other. We'll call them PF1 and PF2.
PF1 has two WAN connections, WAN1 and WAN2, and a LAN connection with IP 192.168.3.1 (LAN1). This machine serves as failover/balancer.
PF2 has 2 WAN connections: WAN3, and WAN4 with IP 192.168.3.2 (this last one being hooked to the LAN of PF1, thus using 192.168.3.1 as a gateway), and 2 LANs (LAN2 and LAN3), one of them mapped with firewall rules to go out on WAN3 and the other on WAN4.
My failover/balancing works fine and everyone has access and is happy.
Here lies my problem.
I have the webconfigurator of one machine, PF1, on the LAN1 address, say port 1111,
and the webconfigurator of PF2 on the LAN2 address, port 1111. Since I myself am on LAN2, I wanted to be able to monitor and access both panels from LAN2.
So my logic was to start NAT'ing:
in PF1, NAT port 1111 of 192.168.3.2 (which is the PF2 WAN, and is pingable from PF1) to port 1111 of 192.168.3.1,
and then on the second machine, PF2, NAT port 1111 of 192.168.3.2 on port 1112 of my LAN2 address.
This way from my LAN2 network i could navigate to :
PF2 : 1111 and get my pf2 panel
PF2 : 1112 and get my PF1 panel
This is not working. Not only is the whole thing not applying, but even on my PF1 box, where the following rule is set up:
If   Proto    Src. addr  Src. ports  Dest. addr   Dest. ports  NAT IP       NAT Ports  Description
LAN  TCP/UDP  *          *           192.168.3.2  1111         192.168.3.1  1111
Why would my NAT'ing within the same machine/network/class not work?
I hope the explanation was not too confusing.
Thank you in advance.
-
Solved. I was overthinking it.
One NAT rule sufficed: on PF2, mapping port 1112 of the LAN2 to 192.168.3.1:1111. Done.