No communications between Interfaces using 1:1 NAT

  • Here is my setup:
    pfSense:  2.1-Release(amd64)

    Interfaces:
    WAN = 192.168.1.1 (this actually has a public IP assigned to it)
    VLAN100 = [GW] = 10.100.100.1
    VLAN200 = [GW] = 10.200.200.1

    1:1 NAT:
    192.168.1.30 -> 10.100.100.30
    192.168.1.45 -> 10.200.200.45

    Servers:
    CentOS #1
    IP = 10.100.100.30/24
    GW = 10.100.100.1

    CentOS #2
    IP = 10.200.200.45/24
    GW = 10.200.200.1

    Scenario:
    1.  If I log into CentOS #1 and log in to a remote server via ssh, I have no problem.  If I attempt to log into CentOS #2 via ssh, I cannot connect.  There are no firewalls (IPTABLES) running on either server at this point.
    2.  From another remote computer, meaning one that is not behind the pfSense firewall, I can ssh into either CentOS #1 or #2 without issues.
    3.  The issue comes when I attempt to communicate between two servers that are both behind the pfSense firewall AND are on different interfaces/networks.

    NOTE:  I do have the default setting for the WAN interface of "Block private networks".  When I unchecked this option, it caused my pfSense FW to crash.  Because this is a production FW, I quickly re-enabled that option after the FW rebooted from the crash.

    My question to this group is: do you believe the issue that I am having with communication between servers on different interfaces/networks is being caused by this "Block private networks" option being enabled?  If so, does anyone know of a way to disable this without it causing the pfSense FW to crash?

    Thank you all for your input.

    Rick


  • Rebel Alliance

    Do you have FW rules, on both pfSense interfaces, allowing traffic between those network segments?



  • ptt - Good question and one that I should have provided.  For testing purposes I have opened up all traffic into VLAN100 and VLAN200 from the WAN, and I have also opened all traffic out from both VLAN100 and VLAN200.  As I mentioned, from a remote computer that is not behind the firewall I can connect to either CentOS #1 or #2 without issues.  The issue only arises when trying to go from VLAN100 to a server on VLAN200 or vice versa.  One additional note:  If I attempt to ssh from CentOS #1 to CentOS #2, I do receive a login prompt, but entering the correct user and password fails.  My assumption is that I am somehow being connected to the pfSense FW and not the CentOS #2 server.  Not sure why, but I am sure it has to do with the current setup and the issues that I am having.

    Thank you again in advance for your help.

    Rick
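An added illustration, not code from the thread or from pfSense: a simplified model of the order in which pfSense handles a packet (ingress interface, the WAN-only "Block private networks" check, 1:1 NAT bound to WAN, then the ingress interface's rules), using the addresses from the post. The rule set, the external test address and the NAT-reflection switch are constructed assumptions; the model shows that a VLAN host connecting to the other server's 1:1 external address without reflection reaches pfSense itself, which would explain a login prompt that rejects the server's credentials.

```python
import ipaddress

# Addresses from the post; a source outside both VLANs is treated as arriving on WAN
INTERNAL = {
    "VLAN100": ipaddress.ip_network("10.100.100.0/24"),
    "VLAN200": ipaddress.ip_network("10.200.200.0/24"),
}
FIREWALL_ADDRS = {"192.168.1.1", "10.100.100.1", "10.200.200.1"}
# 1:1 NAT entries are bound to WAN: external address -> internal host
ONE_TO_ONE = {"192.168.1.30": "10.100.100.30", "192.168.1.45": "10.200.200.45"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed rule set matching the post ("all traffic" in from WAN and out of both VLANs):
# each entry lists destinations the ingress interface passes; anything else is denied
DEFAULT_RULES = {"WAN": ["any"], "VLAN100": ["any"], "VLAN200": ["any"]}


def ingress_iface(src):
    """Interface a packet enters on, judged by its source address (assumed, not pfSense's code)."""
    a = ipaddress.ip_address(src)
    return next((name for name, net in INTERNAL.items() if a in net), "WAN")


def evaluate(src, dst, rules=DEFAULT_RULES, reflection=False, block_private=True):
    """Trace one packet: ('pass', final_dst), ('firewall-itself', dst) or ('block', reason)."""
    iface = ingress_iface(src)
    src_ip = ipaddress.ip_address(src)
    # "Block private networks" lives on WAN only; VLAN100 <-> VLAN200 traffic never meets it
    if iface == "WAN" and block_private and any(src_ip in n for n in RFC1918):
        return ("block", "WAN block-private-networks")
    # 1:1 NAT rewrites the destination on WAN, or on internal interfaces only with NAT reflection
    if dst in ONE_TO_ONE and (iface == "WAN" or reflection):
        dst = ONE_TO_ONE[dst]
    dst_ip = ipaddress.ip_address(dst)
    if not any(r == "any" or dst_ip in ipaddress.ip_network(r) for r in rules[iface]):
        return ("block", f"no rule on {iface} for {dst}")
    # An untranslated 1:1 external address or an interface address belongs to pfSense itself
    if dst in ONE_TO_ONE or dst in FIREWALL_ADDRS:
        return ("firewall-itself", dst)
    return ("pass", dst)
```

Restricting the VLAN100 rules to its own subnet (pass a different `rules` mapping) turns the direct 10.200.200.45 case into a block, which is the other way cross-VLAN SSH fails.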