Site2Site Forward a Port from WAN to S2S Network



  • Hello, I followed this guide: http://forum.pfsense.org/index.php/topic,12888.0.html

    to set up a site connection between my Rootserver (pfSense) and my Homeserver (also pfSense), both pfSense 2.0 latest release.

    Home Network 192.168.10.0/24
    Server LAN Network 192.168.11.0/24
    OPENVPN Server Network 192.168.12.0/24 (On the Rootserver)
    Server WAN IP: xx.xx.xx.xx

    What I am trying to do is forward a port from the WAN interface to a device in the site-to-site network,
    e.g. a webserver on 192.168.10.1 port 80.

    What I (newbie) did was just create a port forward from the WAN interface to the destination 192.168.10.1 port 80. It does not work…

    Before I started creating the site-to-site network, I created just a remote access VPN with the setting all traffic via default gw, and I tried the same, and it worked; I could forward a port to that client. Of course it was working, because the client knew the way back.

    I saw many many threads where people answered but only with iptables commands.

    How can I do the same as, e.g.,

    http://efreedom.com/Question/2-113680/Route-Specific-HTTP-Requests-PfSense-OpenVPN

    and this one http://unix.stackexchange.com/questions/55791/port-forward-to-vpn-client

    But how do I do that with the GUI on pfSense? Is it possible?

    WAN IP + PORT -> Rootserver- OpenVPN- Server - OpenVPN Client- Site-to-site network - device in s2s network+Port

    Maybe it's only possible with pfSense 2.1.

    Another guy in this post maybe has the same problem, but maybe under other circumstances:

    http://forum.pfsense.org/index.php/topic,57970.0.html

    To make it easier to understand: all I want is to access a webserver on a device in the site-to-site network on the client side from the external WAN address of the server site.
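
Added example, not part of the original post: a small route-lookup model of the "way back" problem described above, comparing the site-to-site setup with the earlier remote-access setup. The interface names, the Internet client address and the use of OpenVPN's two /1 routes to model "all traffic via default gw" are assumptions made for illustration.

```python
import ipaddress

def route(table, dst):
    """Longest-prefix match, the way a routing table picks an interface."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface) for net, iface in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Far end of the tunnel in the site-to-site setup (home pfSense).
# Interface names "lan", "ovpn", "wan" are hypothetical labels.
SITE_TO_SITE = [
    ("192.168.10.0/24", "lan"),   # Home Network
    ("192.168.11.0/24", "ovpn"),  # Server LAN Network, reached via the tunnel
    ("192.168.12.0/24", "ovpn"),  # OpenVPN Server Network
    ("0.0.0.0/0", "wan"),         # home ISP default gateway
]

# Earlier remote-access setup with "all traffic via default gw".
# Assumption: modelled as the pair of /1 routes that override the default.
REDIRECT_ALL = SITE_TO_SITE + [
    ("0.0.0.0/1", "ovpn"),
    ("128.0.0.0/1", "ovpn"),
]

INTERNET_CLIENT = "203.0.113.50"  # constructed address (documentation range)

def reply_is_symmetric(table, arrived_on="ovpn", src=INTERNET_CLIENT):
    """A port forward rewrites only the destination, so the request arrives
    with the Internet client's source address. The reply is routed towards
    that address and only gets back to the Rootserver's NAT state if it
    leaves on the interface the request arrived on."""
    return route(table, src) == arrived_on

if __name__ == "__main__":
    for name, table in (("site-to-site", SITE_TO_SITE),
                        ("redirect all", REDIRECT_ALL)):
        print(f"{name}: reply leaves via {route(table, INTERNET_CLIENT)}, "
              f"symmetric={reply_is_symmetric(table)}")
```

In the site-to-site table the reply to the forwarded request leaves through the home WAN instead of the tunnel, which matches the behaviour reported in the post.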



  • Hello. Just wondering if you ever found a solution for this. I am trying to do the same thing with no luck…



  • Without seeing your exact setup I can't give you an exact answer, but from what I can tell I see it this way:

    On the first pfSense you allow incoming traffic on the needed port.
    Then I believe the other site is a VPN client to pfSense on the first site, so you set up a forwarding rule to forward traffic from the WAN interface to the IP address of the VPN interface of the other site.

    On the other side, set up a rule allowing incoming traffic on that particular port.
    After this, one more rule: set up forwarding from the VPN interface to the internal IP address of the server on the other side.

    Hope this helps



  • Hi kallii.

    I am not sure I fully understand what you are asking me to do…

    But it sounds like you are saying to set up a route FROM the VPN interface to the server...

    So, an example would be...

    Site A:
        External IP: 60.50.40.30 & 60.50.40.31 & 60.50.40.32 (Have 3 External IP Addresses)
        Internal IP: 10.40.163.XXX
        Tunnel Network: 192.168.2.0

    Site B:
        External IP: 80.70.60.40
        Internal IP: 10.40.162.XXX
        Tunnel Network: 192.168.2.0

    Then I would create a forward from 162.168.2.XX to 10.40.162.XXX, right? But let's say I want 2 servers on the VPN client side...
        If you go to http://60.50.40.30 I want it to point to 10.40.162.10
        If you go to http://60.50.40.31 I want it to point to 10.40.162.11

    Is this possible?

    Thanks!