No communications between Interfaces using 1:1 NAT

  • Here is my setup:
    pfSense:  2.1-Release(amd64)

    WAN = (this actually has a public IP assigned to it)
    VLAN100 = [GW] =
    VLAN200 = [GW] =

    1:1 NAT: -> ->

    CentOS #1
    IP =
    GW =

    CentOS #2
    IP =
    GW =

    1.  If I log into CentOS #1 and login to a remote server via ssh I have no problem.  If I attempt to log into CentOS #2 via ssh I cannot connect.  There are no firewalls (IPTABLES) running on either server at this point.
    2.  From another remote computer, meaning one that is not behind the pfSense firewall, I can ssh into either CentOS #1 or #2 without issues.
    3.  The issue comes when I attempt to communicate between two servers that are both behind the pfSense firewall AND are on different interfaces/networks.

    NOTE:  I do have the default setting for the WAN interface of "Block private networks".  When I unchecked this option it caused my pfSense FW to crash.  Because this is a production FW I quickly enabled that option after the FW rebooted after the crash.

    My question to this group is do you believe the issue that I am having with communication between servers on different interfaces/networks is being caused by this "Block private networks" option being enabled?  If so, does anyone know of a way to disable this without it causing the pfSense FW to crash?

    Thank you all for your input.


  • Rebel Alliance

    Do you have FW rules, on both pfSense interfaces, allowing traffic between those network segments?

  • ptt - Good question and one that I should have provided.  For testing purposes I have opened up all traffic into VLAN100 and VLAN200 from the WAN, and I have also opened all traffic out from both VLAN100 and VLAN200.  As I mentioned, from a remote computer that is not behind the firewall I can connect to either CentOS #1 or #2 without issues.  The issue only arises when trying to go from VLAN100 to a server on VLAN200 or vice versa.  One additional note:  If I attempt to ssh from CentOS #1 to CentOS #2, I do receive a login prompt, but entering the correct user and password fails.  My assumption is that I am somehow being connected to the pfSense FW and not the CentOS #2 server.  Not sure why, but I am sure it has to do with the current setup and the issues that I am having.

    Thank you again in advance for your help.

