Netgate Discussion Forum

    No communications between Interfaces using 1:1 NAT

      rickpo12

      Here is my setup:
      pfSense:  2.1-Release(amd64)

      Interfaces:
      WAN = 192.168.1.1 (this actually has a public IP assigned to it)
      VLAN100 = [GW] = 10.100.100.1
      VLAN200 = [GW] = 10.200.200.1

      1:1 NAT:
      192.168.1.30 -> 10.100.100.30
      192.168.1.45 -> 10.200.200.45

      Servers:
      CentOS #1
      IP = 10.100.100.30/24
      GW = 10.100.100.1

      CentOS #2
      IP = 10.200.200.45/24
      GW = 10.200.200.1

      Scenario:
      1.  If I log into CentOS #1 and log in to a remote server via ssh I have no problem.  If I attempt to log into CentOS #2 via ssh I cannot connect.  There are no firewalls (IPTABLES) running on either server at this point.
      2.  From another remote computer, meaning one that is not behind the pfSense firewall, I can ssh into either CentOS #1 or #2 without issues.
      3.  The issue comes when I attempt to communicate between two servers that are both behind the pfSense firewall AND are on different interfaces/networks.

      NOTE:  I do have the default setting for the WAN interface of "Block private networks".  When I unchecked this option it caused my pfSense FW to crash.  Because this is a production FW I quickly enabled that option after the FW rebooted after the crash.

      My question to this group is do you believe the issue that I am having with communication between servers on different interfaces/networks is being caused by this "Block private networks" option being enabled?  If so, does anyone know of a way to disable this without it causing the pfSense FW to crash?

      Thank you all for your input.

      Rick

        ptt Rebel Alliance

        Do you have FW rules, on both pfSense interfaces, allowing traffic between those network segments?

          rickpo12

          ptt - Good question and one that I should have provided.  For testing purposes I have opened up all traffic into VLAN100 and VLAN200 from the WAN, and I have also opened all traffic out from both VLAN100 and VLAN200.  As I mentioned, from a remote computer that is not behind the firewall I can connect to either CentOS #1 or #2 without issues.  The issue only arises when trying to go from VLAN100 to a server on VLAN200 or vice versa.  One additional note:  If I attempt to ssh from CentOS #1 to CentOS #2, I do receive a login prompt, but entering the correct user and password fails.  My assumption is that I am somehow being connected to the pfSense FW and not the CentOS #2 server.  Not sure why, but I am sure it has to do with the current setup and the issues that I am having.

          Thank you again in advance for your help.

          Rick
