Routing inside pfSense



  • Hello, can someone help me with this network scenario:

    WAN - Fixed IP attributed by the ISP by DHCP
    LAN Network - 192.168.1.0/24
    WiFi Network - 192.168.21.0/24

    Email server - 192.168.1.2  255.255.255.0
    PC in the WiFi network - 192.168.21.x (attributed by the pfSense DHCP server)    255.255.255.0

    How can I access port 443 of the email server from a PC in the WiFi network?

    Thanks
    ![Network Cenario.jpg](/public/imported_attachments/1/Network Cenario.jpg)



  • You could do this using a firewall rule to allow access from OPT1 to LAN:

    ID | Proto | Source   | Port | Destination | Port | Gateway | Queue | Schedule | Description
       | IPv4  | OPT1 Net | *    | 192.168.1.2 | 443  | *       | none  |          |



  • Hello Kom,

    Yes, the mail server has a rule to be accessed from the Internet (Port Forward), but it isn't accessible from the WiFi network (internal)!



  • Sorry, my question was stupid (I've been doing that a lot lately) and I had to edit my original reply.

    Do you already have a base rule to allow OPT1 to access anything?  By default, there is no such rule and OPT1 is isolated.  Do you have NAT Reflection enabled?  To access front-facing servers from within, you either need NAT Reflection or Split DNS.



  • Sorry!!!

    Didn't work!!!

    Packet Capture

    20:39:51.497295 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 0
    20:39:51.497328 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 37
    20:39:51.497350 IP 88.99.77.66.443 > 192.168.21.73.43014: tcp 0
    20:39:51.498625 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
    20:39:51.499258 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0
    20:39:51.499590 IP 192.168.21.73.43014 > 88.99.77.66.443: tcp 0

    Thanks



  • It would be helpful if you could answer the two questions I asked…



  • Do you want to make sure that the rule that KOM posted is at the top of the firewall rules page in OPT1? Also, do you have any manual outgoing NAT rules?



  • Sorry,

    Do you already have a base rule to allow OPT1 to access anything?

    OPT1
    ID | Proto | Source   | Port | Destination | Port | Gateway | Queue | Schedule | Description
       | IPv4  | OPT1 Net | *    | *           | *    | *       | none  |          |

    Do you have NAT Reflection enabled?
    That's it. I tested with NAT Reflection enabled (Pure NAT) and it worked.

    Thanks a lot, you are the greatest ;)
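The thread boils down to how a port forward bound to WAN interacts with a client on OPT1 that resolves the mail host to the public address. The model below is an added example written for this page, not pfSense code or anything from the thread's participants: interface names, the OPT1 rule list, the hostname and the verdict strings are assumptions, and 88.99.77.66 is the public address seen in the posted capture.

```python
# Added example (not pfSense code): a small model of the thread's scenario.
# Interface names, the OPT1 rule table and the mail host name are assumptions;
# 88.99.77.66 is the public IP seen in the posted packet capture.
from dataclasses import dataclass, field
import ipaddress

WAN_IP, MAIL_SERVER = "88.99.77.66", "192.168.1.2"
NETS = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
        "OPT1": ipaddress.ip_network("192.168.21.0/24")}

@dataclass
class Config:
    # Port forward WAN:443 -> mail server:443, bound to the WAN interface only.
    port_forward: tuple = (WAN_IP, 443, MAIL_SERVER, 443)
    nat_reflection: bool = False   # System > Advanced > Firewall & NAT: "Pure NAT"
    split_dns: bool = False        # internal DNS answers with 192.168.1.2 instead
    # OPT1 pass rules as (destination, port); "*" matches anything.
    opt1_rules: list = field(default_factory=list)

def resolve(cfg, hostname):
    """DNS as seen by an internal client: public IP unless Split DNS overrides."""
    return MAIL_SERVER if cfg.split_dns else WAN_IP

def ingress_iface(src_ip):
    src = ipaddress.ip_address(src_ip)
    return next((n for n, net in NETS.items() if src in net), "WAN")

def rule_allows(cfg, iface, dst_ip, dst_port):
    if iface != "OPT1":                 # LAN keeps its default allow-all rule
        return True
    dst = ipaddress.ip_address(dst_ip)
    return any(port in ("*", dst_port) and
               (net == "*" or dst in ipaddress.ip_network(net))
               for net, port in cfg.opt1_rules)

def deliver(cfg, src_ip, hostname, dst_port):
    """Verdict for a TCP SYN from src_ip to hostname:dst_port."""
    iface = ingress_iface(src_ip)
    dst_ip = resolve(cfg, hostname)
    pub_ip, pub_port, priv_ip, priv_port = cfg.port_forward
    if dst_ip == pub_ip and dst_port == pub_port:
        if iface == "WAN" or cfg.nat_reflection:   # reflection re-applies the forward inside
            dst_ip, dst_port = priv_ip, priv_port
        else:   # forward not applied: packet leaves via the ISP gateway (the posted capture)
            return "sent-to-WAN-gateway"
    if not rule_allows(cfg, iface, dst_ip, dst_port):
        return "blocked-by-%s-rules" % iface
    return "delivered-to-%s:%d" % (dst_ip, dst_port)
```

Run with the OPT1 rule from the thread but reflection off and the verdict is the one the capture shows; turning on reflection, or using Split DNS, gets the packet to 192.168.1.2:443, and in both cases the OPT1 pass rule is still required.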