WAN to local IP's
How can set where all my WAN IP block can ping or connect to all our local IP's?
pfSense 2.1(will update later)
You can put pass rules on WAN to allow incoming traffic to LAN IP addresses. That can work if pfSense WAN is actually sitting on an internal private network that knows the pfSense is a route to the pfSense LAN subnet. In that case pfSense is being and internal router, and your firewall requirements might be less.
If your WAN is a public IP, then:
- Don't put general pass rules!
- You will not be able to simply pass incoming traffic for LAN IPs, because the LAN subnet is in private IP address space - people out on the public internet will not be routed to you at those private LAN IPs anyway (a good thing)
- To provide public internet access to a web server or… then use Port Forwarding. Be sure to only port forward and open up the things that you really want to make public.
I have servers set to WAN IP and i have also local servers.. I need this servers to communicate directly if possible.. if i need to port forward the local servers meaning all of them(local) and i have more than 10 servers local.
Post more about your network so we can understand the need. Where is your public IP? Where is pfSense WAN? Where are the various devices on each side of pfSense that need to talk to each other?
Wan IP: 18.104.22.168 - 210
Local IP: 192.168.1.0/24
public asterisk server: 22.214.171.124.201
public pfsense server: 126.96.36.199.200
local pfsense ip: 192.168.1.1
local asterisk server: 192.168.1.2…...10 (for local pbx servers)
hope it help :'(
Now, I want my public asterisk server(188.8.131.52.201) to communicate with my local asterisk server(w/ IP from 192.168.1.2 until .10) without using portforward. Is this possible? and how?
The default gateway of public asterix server is going to be the ISP gateway. So you will need to add a static route on public asterix server to tell it that 192.168.1.0/24 is reached through pfSense WAN IP 184.108.40.206
Then have pass rule/s on pfSense WAN to allow traffic source 220.127.116.11 destination 192.168.1.n (the server/s you want to allow it to access) port as needed.