Server internally doesn't see the real IP, only the IP of the gateway pfSense



  • Hello

    I'm trying to use a pfSense as a substitute for our hosting center's Cisco gateway on my testbed for testing our new firewall.

    The setup is as follows:
    [Internet]->[Hosting-Cisco-gateway (85.10.100.1)]->[Our firewall (85.10.100.2)]->[Network (85.10.100.0/24)]

    We do not have access to or very much knowledge of this Cisco gateway, other than that it's used as the gateway for all our machines, which all have IP addresses defined in the mentioned 85 range.

    The pfSense is set up as a substitute for the Cisco gateway, with a couple of clients on the WAN side of the pfSense with random IPs.

    I have disabled NAT and made an allow any, any rule in the firewall part (else nothing works), and my clients can ping the machines on the inside network.

    But the problem is that when a client is accessing, e.g., a webserver on port 80 on one of the 85 machines, if you look in the access_log, the request is coming from the pfSense LAN IP (85.10.100.1), and not the actual IP.

    What am I missing?

    (The 85 network definition is made up, but it resembles the actual IPs.)



  • How should the firewall/router send traffic to the right place? You have the same subnets on both sides of pfSense.
    Do you want to use a filtering bridge setup?



  • I will try to explain it in more detail. I know I have an overlap in networks, but the old firewall works with it.

    [Internet]->[Wan: ?? -Hosting Center Router- Lan: 85.10.100.1] -> [Wan: 85.10.100.2/30 -Our firewall- DMZ:85.10.100.253/24] -> [Network of machines with 85.10.100.x addresses]

    And it's the Hosting Center Router I'm trying to substitute with my pfSense.

    The new firewall seems to be configured correctly, but I can't test for sure because of this little pfSense issue: when my client on the "internet" side of the router connects to a machine on the 85 network, the server machine sees the request as coming from the router's LAN IP, and not the actual IP address.



  • I can't help you with this. Maybe someone more experienced has some more insight about it.



  • Could it maybe be a NAT issue? Masquerading?



  • Just to understand correctly, your company bought a full block of IP addresses?

