Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access LAN subnet from WAN IP

    Scheduled Pinned Locked Moved Routing and Multi WAN
    4 Posts 2 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Assassin
      last edited by

      Hello everybody,

      this question may sound stupip, but I could't think about a solution for this problem.

      Config is like follows:

      pfSense 2.1

      On the WAN side I have my gateway to internet, 10.0.0.1 and my proxy server 10.0.0.100 (Windows Box w/ remote access.)
      On the LAN side I've got a 192.168.0.0/16 net.

      How can I access the 192.168.0.0/16 net from the Windows Box

      I've got some routers on the LAN Segment I'd like to configure from my Windows Box which is on the WAN side, is this even
      possible?

      Greetings, Gunnar

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        Real internet router back-side is 10.0.0.1
        Windows box is 10.0.0.100
        Lets say the pfSense WAN IP is 10.0.0.2
        Easiest way would be add a route on the Windows box to 192.168.0.0/16 through 10.0.0.2
        Add a firewall rule on pfSense WAN - pass source 10.0.0.100 destination 192.168.0.0/16 (or destination IPs-in-192-168-you want reachable)
        Of course, in doing this you are opening up some or all of your LAN to access from 10.0.0.100, which itself has some sort of remote access (in a DMZ-style role here by the sound of it). So if something hacks into 10.0.0.100 from the internet, it can then proceed to try and access LAN devices. You may or may not care about this.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • A
          Assassin
          last edited by

          Hi there Phil,

          just tried the solution you mentioned. I already added a route for the 192.168.0.0/16 net to my windows box before.
          Now I also created a firewall rule to let this traffic pass to the LAN Subnet.

          Unfortunately, it still does not work. Do I have to give the 10.0.0.99 address (WAN side of pfSense box) to my windows box as
          a kind of gateway?

          Please see attached screenshot from the config:

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis
            last edited by

            The route looks fine. The first WAN rule lets everything in, so you can't go wrong there - but it kind of defeats the idea of calling it a firewall :) The 2nd WAN rule by itself should also work.

            routers on the LAN Segment

            Now I see that the LAN segment has other routers, and presumably routes, behind it. Maybe those routers do not use the pfSense LAN IP (192.168.x.y) as their default gateway? Those routers will need to know that the route back to you at 10.0.0.0/24 is through the pfSense LAN IP 192.168.x.y - then they will be able to reply to your connection attempts.
            Post a network diagram if you get stuck further.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.