Netgate Discussion Forum
    Why is pfSense responding to ssh, ping and all other traffic? - SOLVED

    rickpo12

      pfSense Setup for interfaces:

      WAN (MAC 00:00:00:00:00:AA) - VLAN50 = 192.168.50.0/24 (Actually this is a real public /24 address in the real setup)
      InternalNet1 (MAC 00:00:00:00:00:BB) - VLAN60 = 10.10.60.0/24
      InternalNet2 (MAC 00:00:00:00:00:CC) - VLAN70 = 10.10.70.0/24

      • NOTE: I am just using these MAC addresses to keep this simple and easy to follow. These are not the real MAC addresses.

      pfSense setup for NAT

      1:1
      192.168.50.10 -> 10.10.60.10
      192.168.50.20 -> 10.10.70.20

      pfSense setup for Firewall Rules

      WAN = Fully opened into both InternalNet1 and InternalNet2 with all protocols  (NO RESTRICTIONS)
      InternalNet1 = Fully opened for all protocols - (NO RESTRICTIONS)
      InternalNet2 = Fully opened for all protocols - (NO RESTRICTIONS)

      The test (Both 10.10.60.10 and 10.10.70.20 are running a fresh install of CentOS 6.4 with iptables disabled.)

      1.  On 10.10.70.20 I run tcpdump to monitor network communications.
      2.  On 10.10.60.10 I run:
            # ping 10.10.70.20  - This works on both servers. Meaning I see replies on 10.10.60.10 and I see the ICMP packets being received and sent on 10.10.70.20 - GREAT SO FAR
      3.  On 10.10.60.10 I run:
            # ping 192.168.50.10 - This DOES NOT WORK FULLY - Meaning, I see the replies on 10.10.60.10, but I DO NOT see any traffic via the tcpdump running on 10.10.70.20.

      NOTE: when I capture the packets on the pfSense FW and show details, I see that when I run step 3 above, the MAC addresses that are communicating are

      MAC Address for 10.10.60.10 and InternalNet2 (00:00:00:00:00:CC)

      Why is pfSense not passing traffic through to 10.10.70.20 and answering these requests? This is ALSO true when I attempt to ssh from 10.10.60.10 to 10.10.70.20. I get the login prompt for pfSense and not the actual server?

      I know this is long and complex, but this is driving me crazy.

      Thank you big time to all who take the time to understand and reply.

      rick


      rickpo12

        Solved - Here is what I did and it was so simple.

        For the two servers, 10.10.60.10 and 10.10.70.20, I enabled NAT reflection for the 1:1 NAT. After that, I was able to ping, ssh and everything else just fine using the public IP address.

        Thank you

        Rick

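As an added illustration (not from the thread and not pfSense code), here is a constructed Python model of why an internal host that contacts a 1:1 NAT public address ends up talking to the firewall itself until NAT reflection is enabled. The address maps are the ones from the first post; the function names and the simplified decision logic are assumptions of this example.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the thread's setup: two internal VLANs and the two 1:1
# NAT entries (public VIP -> internal host). Not the real pfSense rule engine.
INTERNAL_NETS = [ip_network("10.10.60.0/24"), ip_network("10.10.70.0/24")]
ONE_TO_ONE = {"192.168.50.10": "10.10.60.10", "192.168.50.20": "10.10.70.20"}
INTERNAL_TO_VIP = {host: vip for vip, host in ONE_TO_ONE.items()}


def inbound(src, dst, reflection):
    """Packet from an internal host arriving on an internal interface.

    Returns (where it ends up, destination as the final target sees it).
    """
    if any(ip_address(dst) in net for net in INTERNAL_NETS):
        return ("forwarded", dst)              # ordinary routing between the VLANs
    if dst in ONE_TO_ONE and not reflection:
        # The VIP is an address owned by pfSense; with reflection off the
        # firewall answers locally (the ssh login prompt symptom in the thread).
        return ("firewall", dst)
    if dst in ONE_TO_ONE:
        # Reflection on: hairpin the packet to the mapped internal host.
        return ("forwarded", ONE_TO_ONE[dst])
    return ("forwarded", dst)                  # genuine WAN-side destination


def reply(internal_src, client):
    """Reply from the mapped host, translated so the client sees the VIP it used."""
    return (INTERNAL_TO_VIP.get(internal_src, internal_src), client)


def hairpin_roundtrip(client, vip, reflection):
    """Summarise one request/reply pair for a tcpdump observer on the target."""
    where, target = inbound(client, vip, reflection)
    if where == "firewall":
        return {"answered_by": "pfSense", "seen_by_target": False, "reply_src": vip}
    reply_src, _ = reply(target, client)
    return {"answered_by": target, "seen_by_target": True, "reply_src": reply_src}
```

With reflection off, the model reproduces the thread's observation: the client gets replies, but tcpdump on the mapped server never sees the packets.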