Netgate Discussion Forum

    WAN to local IP's

      ed123

      Hi,

      How can I set it so that all my WAN IP block can ping or connect to all our local IPs?

      pfSense 2.1 (will update later)
      Single server.

        phil.davis

        You can put pass rules on WAN to allow incoming traffic to LAN IP addresses. That can work if pfSense WAN is actually sitting on an internal private network that knows the pfSense is a route to the pfSense LAN subnet. In that case pfSense is being an internal router, and your firewall requirements might be less.

        If your WAN is a public IP, then:

        1. Don't put general pass rules!
        2. You will not be able to simply pass incoming traffic for LAN IPs, because the LAN subnet is in private IP address space - people out on the public internet will not be routed to you at those private LAN IPs anyway (a good thing).
        3. To provide public internet access to a web server or… then use Port Forwarding. Be sure to only port forward and open up the things that you really want to make public.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          ed123

          I have servers set to WAN IP and I also have local servers. I need these servers to communicate directly if possible. If I need to port forward the local servers, that means all of them (local), and I have more than 10 local servers.

            phil.davis

            Post more about your network so we can understand the need. Where is your public IP? Where is pfSense WAN? Where are the various devices on each side of pfSense that need to talk to each other?

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              ed123

              Here:

              example
              Wan IP: 20.20.1.200 - 210
              Local IP: 192.168.1.0/24

              public asterisk server: 20.20.20.1.201
              public pfsense server: 20.20.20.1.200

              local pfsense ip: 192.168.1.1
              local asterisk server: 192.168.1.2…...10 (for local pbx servers)

              Hope it helps :'(

              Now, I want my public asterisk server (20.20.20.1.201) to communicate with my local asterisk server (w/ IP from 192.168.1.2 until .10) without using port forward. Is this possible, and how?

              newbie,

                phil.davis

                The default gateway of public asterisk server is going to be the ISP gateway. So you will need to add a static route on public asterisk server to tell it that 192.168.1.0/24 is reached through pfSense WAN IP 20.20.1.200.
                Then have pass rule/s on pfSense WAN to allow traffic source 20.20.1.201 destination 192.168.1.n (the server/s you want to allow it to access) port as needed.

                As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
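
The two steps in the answer above (a static route on the public server, then narrow pass rules on pfSense WAN), modelled as an added example that is not part of the original thread. It uses the addresses as written in that answer; UDP port 5060 and the `isp-gateway` label are assumptions, since the thread gives neither.

```python
import ipaddress as ip

# Addresses from the thread; the port and the "isp-gateway" label are assumptions.
LAN = ip.ip_network("192.168.1.0/24")
PFSENSE_WAN = "20.20.1.200"
PUBLIC_PBX = "20.20.1.201"
LOCAL_PBX = [f"192.168.1.{n}" for n in range(2, 11)]   # .2 through .10
SIP_PORT = 5060   # assumed; the thread only says "port as needed"

def next_hop(routes, dst):
    """Longest-prefix match over (network, via) pairs, as a host routing table does."""
    nets = [(ip.ip_network(n), via) for n, via in routes]
    hits = [(n, via) for n, via in nets if ip.ip_address(dst) in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def rule(src, dst, proto, port):
    """Build a pass rule; port None means any port."""
    return {"src": ip.ip_network(src), "dst": ip.ip_network(dst),
            "proto": proto, "port": port}

def wan_rules():
    """One narrow pass rule per local PBX; everything else hits default deny."""
    return [rule(PUBLIC_PBX, d, "udp", SIP_PORT) for d in LOCAL_PBX]

def evaluate(rules, src, dst, proto, port):
    """First matching pass rule wins; no match means the WAN default deny applies."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r in rules:
        if (s in r["src"] and d in r["dst"] and proto == r["proto"]
                and r["port"] in (None, port)):
            return "pass"
    return "block"

def audit(r):
    """Flag a pass rule broader than one source host to one LAN host and port."""
    findings = []
    if r["src"].prefixlen == 0:
        findings.append("source is any")
    if LAN.subnet_of(r["dst"]):
        findings.append("destination covers whole LAN")
    if r["port"] is None:
        findings.append("port is any")
    return findings

if __name__ == "__main__":
    routes = [("0.0.0.0/0", "isp-gateway"), (str(LAN), PFSENSE_WAN)]
    print(next_hop(routes[:1], "192.168.1.2"), "->", next_hop(routes, "192.168.1.2"))
    print(evaluate(wan_rules(), "20.20.1.202", "192.168.1.2", "udp", SIP_PORT))
    print(audit(rule("0.0.0.0/0", str(LAN), "udp", None)))
```
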