Port nat to subnet behind internal pfsense router



  • I'm trying to set up port NATs to some internal IP addresses behind an internal pf router

    public VIP – pf1 -- internal subnet -- pf2 -- second internal subnet (s2 - 10.50.0.0)

    pf2 has no NAT rules and I can access the hosts on 10.50 from pf1 and from my internal subnet.  I set up port NATs on pf1 VIPs to the 10.50 addresses but it doesn't appear to work.  Can't connect externally, don't get anything logged in the firewall log and don't see any states open up on pf1.

    Should this work?

    thanks



  • That works, you need the normal port forward+rule on pf1, and a firewall rule on pf2's WAN to allow the traffic.



  • @cmb:

    That works, you need the normal port forward+rule on pf1, and a firewall rule on pf2's WAN to allow the traffic.

    Have done it with other routers so I assumed there was no magic.  I will keep digging, I'm not sure what I'm missing.

    thanks



  • If you have switched to AON, then you are going to have to create a rule for pf2 subnet. Can you get to the internet from behind pf2?



  • @podilarius:

    If you have switched to AON, then you are going to have to create a rule for pf2 subnet. Can you get to the internet from behind pf2?

    As it turns out I had the DNS record published incorrectly so I was beating on someone else's firewall trying to get in.  Fixed that up and everything works nicely, amazing what one digit will do to you.  I should have just stopped yesterday and gone home.

    -andy

