• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Access LAN subnet from WAN IP

Scheduled Pinned Locked Moved Routing and Multi WAN
4 Posts 2 Posters 2.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    Assassin
    last edited by Sep 18, 2013, 9:01 PM

    Hello everybody,

    this question may sound stupip, but I could't think about a solution for this problem.

    Config is like follows:

    pfSense 2.1

    On the WAN side I have my gateway to internet, 10.0.0.1 and my proxy server 10.0.0.100 (Windows Box w/ remote access.)
    On the LAN side I've got a 192.168.0.0/16 net.

    How can I access the 192.168.0.0/16 net from the Windows Box

    I've got some routers on the LAN Segment I'd like to configure from my Windows Box which is on the WAN side, is this even
    possible?

    Greetings, Gunnar

    1 Reply Last reply Reply Quote 0
    • P
      phil.davis
      last edited by Sep 19, 2013, 1:17 AM

      Real internet router back-side is 10.0.0.1
      Windows box is 10.0.0.100
      Lets say the pfSense WAN IP is 10.0.0.2
      Easiest way would be add a route on the Windows box to 192.168.0.0/16 through 10.0.0.2
      Add a firewall rule on pfSense WAN - pass source 10.0.0.100 destination 192.168.0.0/16 (or destination IPs-in-192-168-you want reachable)
      Of course, in doing this you are opening up some or all of your LAN to access from 10.0.0.100, which itself has some sort of remote access (in a DMZ-style role here by the sound of it). So if something hacks into 10.0.0.100 from the internet, it can then proceed to try and access LAN devices. You may or may not care about this.

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

      1 Reply Last reply Reply Quote 0
      • A
        Assassin
        last edited by Sep 19, 2013, 9:49 AM

        Hi there Phil,

        just tried the solution you mentioned. I already added a route for the 192.168.0.0/16 net to my windows box before.
        Now I also created a firewall rule to let this traffic pass to the LAN Subnet.

        Unfortunately, it still does not work. Do I have to give the 10.0.0.99 address (WAN side of pfSense box) to my windows box as
        a kind of gateway?

        Please see attached screenshot from the config:

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis
          last edited by Sep 19, 2013, 10:31 AM

          The route looks fine. The first WAN rule lets everything in, so you can't go wrong there - but it kind of defeats the idea of calling it a firewall :) The 2nd WAN rule by itself should also work.

          routers on the LAN Segment

          Now I see that the LAN segment has other routers, and presumably routes, behind it. Maybe those routers do not use the pfSense LAN IP (192.168.x.y) as their default gateway? Those routers will need to know that the route back to you at 10.0.0.0/24 is through the pfSense LAN IP 192.168.x.y - then they will be able to reply to your connection attempts.
          Post a network diagram if you get stuck further.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received