Share between the lan and WAN
i finaly managed to install PSENSE, however i want to allow the share and communication between the WAN and LAN,
i have Domain controller and exchange and file server on the LAN 192.168.4.X
and my Client pc on the WAN side 192.168.2.X
my client PC on the WAN side is joined to the Domain controller on the on the LAN,
how can i allow the share between both interfaces?
I have done this on odd occasions where the WAN side has an "ADSL modem & WiFi AP device" and the small site had no other WiFi AP. They wanted to be able to connect laptops to the WAN-side WiFi and still see resources on the LAN as well as get out to the internet.
I think these were roughly the steps:
a) Add a firewall rule on WAN to pass traffic from 192.168.2.0/24
b) Turn off any DHCP on the real internet modem/router that is between the WAN and real internet.
c) Give DHCP on the pfSense WAN, so it gives clients on the WAN side an IP address with gateway and DNS of the pfSense WAN IP. (e.g. pfSense WAN IP = 192.168.2.1)
d) Add a NAT rule to NAT from 192.168.2.0/24 to the pfSense WAN IP 192.168.2.1 - this will NAT your WAN-side clients when they browse the real internet, so replies will come back through pfSense, which can keep track of the states.
e) Put something reasonable in the DNS forwarder - e.g. a domain override that refers requests for internal names (like *.internal.mycompany.com) to a DNS server on the DC on the LAN side that can resolve the names.
pfSense will happily route between the LAN and WAN subnets in both directions.
You can't browse the LAN, but you can use the names of LAN servers to reach them.