Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    No communications between Interfaces using 1:1 NAT

    NAT
    2
    3
    844
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rickpo12 last edited by

      Here is my setup:
      pfSense:  2.1-Release(amd64)

      Interfaces:
      WAN = 192.168.1.1 (this actually has a public IP assigned to it)
      VLAN100 = [GW] = 10.100.100.1
      VLAN200 = [GW] = 10.200.200.1

      1:1 NAT:
      192.168.1.30 -> 10.100.100.30
      192.168.1.45 -> 10.200.200.45

      Servers:
      CentOS #1
      IP = 10.100.100.30/24
      GW = 10.100.100.1

      CentOS #2
      IP = 10.200.200.45/24
      GW = 10.200.200.1

      Scenario:
      1.  If I log into CentOS #1 and login to a remote server via ssh I have no problem.  If I attempt to log into CentOS #2 via ssh I cannot connect.  There are no firewalls (IPTABLES) running on either server at this point.
      2.  From another remote computer, meaning on that is not behind the pfSEnse firewall, I can ssh into either CentOS #1 or #2 without issues.
      3.  The issue comes when I attempt to communicate between two servers that are both behind the pfSense firewall AND are on different interfaces/networks.

      NOTE:  I do have the default setting for the WAN interface of "Block private networks".  When I unchecked this option is caused my pfSense FW to crash.  Because this is a production FW I quickly enabled that option after the FW rebooted after the crash.

      My question to this group is do you believe the issue that I am having with communication between servers on different interfaces/networks is being caused by this "Block private networks" option being enabled?  If so, does anyone know of a way to  disable this without it causing the pfSense FW to crash?

      Thank you all for your import.

      Rick

      1 Reply Last reply Reply Quote 0
      • ptt
        ptt Rebel Alliance last edited by

        Do you have  FW rules, on both pfSense interfaces, allowing traffic between those network segments ?

        1 Reply Last reply Reply Quote 0
        • R
          rickpo12 last edited by

          ptt - Good question and one that I should have provided.  For testing purposes I have opened up all traffic into VLAN100 and VLAN200 from the WAN, and I have also opened all traffic out from both VLAN100 and VLAN200.  As I mentioned, from a remote computer that is not behind the firewall I can connect to either CentOS #1 or #2 without issues.  The issue only arises when trying to go from VLAN100 to a server on VLAN200 or vis-versa.  One additional note:  If I attempt to ssh from CentOS #1 to CentOS #2, I do receive a login prompt, but entering the correct user and passwork fail.  My assumption is that I am somehow being connected to the pfSense FW and not the CentOS #2 server.  Not sure why, but I am sure it has to do with the current setup and the issues that I am having.

          Thank you again in advance for your help.

          Rick

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy