Site2Site Forward a Port from WAN to S2S Network

  • Hello, I followed this Guide,12888.0.html

    To set up a Site connection between my Rootserver (pfSense) and my Homeserver (also pfSense), both pfSense 2.0 latest release.

    Home Network
    Server LAN Network
    OPENVPN Server Network (On the Rootserver)
    Server WAN IP: xx.xx.xx.xx

    What I am trying to do is forward a port from the WAN interface to a device in the site-to-site network,
    e.g. a web server on port 80.

    What I (newbie) did was just create a port forward from the WAN interface to the destination port 80. It does not work…

    Before I started creating a site-to-site network, I created just a remote access VPN with the setting "all traffic via default gw", and I tried the same, and it worked: I could forward a port to that client. Of course it was working, because the client knew the way back.

    I saw many many threads where people answered but only with iptables commands.

    How can I do the same, like e.g.

    and this one

    But how do I do that with the GUI on pfSense? Is it possible?

    WAN IP + PORT -> Rootserver- OpenVPN- Server - OpenVPN Client- Site-to-site network - device in s2s network+Port

    Maybe it's only possible with pfSense 2.1.

    Another guy in this post maybe has the same problem, but maybe under other circumstances,57970.0.html

    To make it easier to understand: all I want is to access a web server on a device on the site-to-site network on the client side from the external WAN address of the server site.

  • Hello. Just wondering if you ever found a solution for this. I am trying to do the same thing with no luck…

  • Without seeing your exact setup I can't give you an exact answer, but from what I can tell I see it this way:

    On the first pfSense you allow incoming traffic on the needed port.
    Then, I believe the other site is a VPN client to pfSense on the first site, so you set up a forwarding rule to forward traffic from the WAN interface to the IP address of the VPN interface of the other site.

    On the other side, set up a rule allowing incoming traffic on that particular port.
    After this, one more rule: set up forwarding from the VPN interface to the internal IP address of the server on the other side.

    Hope this helps

  • Hi kallii.

    I am not sure I fully understand what you are asking me to do…

    But it sounds like you are saying to set up a route FROM the VPN interface to the server...

    So, example would be...

    Site A:
        External IP: & & (Have 3 External IP Addresses)
        Internal IP: 10.40.163.XXX
        Tunnel Network:

    Site B:
        External IP:
        Internal IP: 10.40.162.XXX
        Tunnel Network:

    Then I would create a forward from 162.168.2.XX to 10.40.162.XXX, right? But, let's say I want 2 servers on the VPN client side...
        If you go to I want it to point to
        If you go to I want it to point to

    Is this possible?

