4. No communications between Interfaces using 1:1 NAT

No communications between Interfaces using 1:1 NAT

  • R

    Here is my setup:
    pfSense:  2.1-Release(amd64)

    Interfaces:
    WAN = 192.168.1.1 (this actually has a public IP assigned to it)
    VLAN100 = [GW] = 10.100.100.1
    VLAN200 = [GW] = 10.200.200.1

    1:1 NAT:
    192.168.1.30 -> 10.100.100.30
    192.168.1.45 -> 10.200.200.45

    Servers:
    CentOS #1
    IP = 10.100.100.30/24
    GW = 10.100.100.1

    CentOS #2
    IP = 10.200.200.45/24
    GW = 10.200.200.1

    Scenario:
    1.  If I log into CentOS #1 and login to a remote server via ssh I have no problem.  If I attempt to log into CentOS #2 via ssh I cannot connect.  There are no firewalls (IPTABLES) running on either server at this point.
    2.  From another remote computer, meaning on that is not behind the pfSEnse firewall, I can ssh into either CentOS #1 or #2 without issues.
    3.  The issue comes when I attempt to communicate between two servers that are both behind the pfSense firewall AND are on different interfaces/networks.

    NOTE:  I do have the default setting for the WAN interface of "Block private networks".  When I unchecked this option is caused my pfSense FW to crash.  Because this is a production FW I quickly enabled that option after the FW rebooted after the crash.

    My question to this group is do you believe the issue that I am having with communication between servers on different interfaces/networks is being caused by this "Block private networks" option being enabled?  If so, does anyone know of a way to  disable this without it causing the pfSense FW to crash?

    Thank you all for your import.

    Rick

    0
  • Rebel Alliance

    Do you have  FW rules, on both pfSense interfaces, allowing traffic between those network segments ?

    0
  • R

    ptt - Good question and one that I should have provided.  For testing purposes I have opened up all traffic into VLAN100 and VLAN200 from the WAN, and I have also opened all traffic out from both VLAN100 and VLAN200.  As I mentioned, from a remote computer that is not behind the firewall I can connect to either CentOS #1 or #2 without issues.  The issue only arises when trying to go from VLAN100 to a server on VLAN200 or vis-versa.  One additional note:  If I attempt to ssh from CentOS #1 to CentOS #2, I do receive a login prompt, but entering the correct user and passwork fail.  My assumption is that I am somehow being connected to the pfSense FW and not the CentOS #2 server.  Not sure why, but I am sure it has to do with the current setup and the issues that I am having.

    Thank you again in advance for your help.

    Rick

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy