Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access between two nets

    Firewalling
    3
    4
    711
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rpsimoes
      last edited by

      Hi folks!

      I have two nets, one in my home and other in my office, both of them behind pfSense
      home -> lan: 192.168.1.1
      office -> lan: 192.168.0.1

      Both of tem have a ddns:
      home: net_house.no-ip.org
      office: net_office.no-ip.org

      When I try, from my home, access the net of my office, it doesn't happen. So I try to ping and it occurs:

      ping net_office.no-ip.org

      PING net_office.no-ip.org (186.218.212.79) 56(84) bytes of data.
      From 10.33.0.1: icmp_seq=36 Redirect Host(New nexthop: 10.33.0.1)

      I use nmap:

      nmap -Pn net_office

      Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-11 07:43 BRT
      Nmap scan report for 186-218-212-88.viacaboip.com.br (186.218.212.79)
      Host is up.
      All 1000 scanned ports on 186-218-212-88.viacaboip.com.br (186.218.212.79) are filtered

      When I connect direct to the modem (without pfsense), I can access normally my net on the office (From my house)

      ping net_office.no-ip.org

      PING net_office.no-ip.org (186.218.212.79) 56(84) bytes of data.
      64 bytes from 186-218-212-79.viacaboip.com.br (186.218.212.79): icmp_seq=1 ttl=63 time=22.0 ms

      nmap -Pn net_office

      Starting Nmap 6.40 ( http://nmap.org ) at 2014-09-11 07:55 BRT
      Nmap scan report for 186-218-212-79.viacaboip.com.br (186.218.212.79)
      Host is up (0.032s latency).
      Not shown: 998 filtered ports
      PORT    STATE SERVICE
      80/tcp  open  http
      3389/tcp open  ms-wbt-server
      Nmap done: 1 IP address (1 host up) scanned in 23.18 seconds

      I'm not using a VPN.

      Follow the rules created in pfSense on my house and in my office (They are the same rules in both pfSense)

      Can anyone help me please?


      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        I'm not using a VPN.

        Umm, you either need to use a VPN or set NAT port forwards into your LANs.

        Use a VPN.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10000 words and 15 conference calls.
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          "I have two nets, one in my home and other in my office, both of them behind pfSense"

          What are you trying accomplish.. that net_office.no-ip.org does not resolve.  But that IP you listed does answer ping.

          ;; QUESTION SECTION:
          ;net_office.no-ip.org.          IN      A

          ;; AUTHORITY SECTION:
          no-ip.org.              60      IN      SOA    nf1.no-ip.com. hostmaster.no-ip.com. 2265445508 18000 1800 604800 1800

          C:>ping 186.218.212.79

          Pinging 186.218.212.79 with 32 bytes of data:
          Reply from 186.218.212.79: bytes=32 time=165ms TTL=48
          Reply from 186.218.212.79: bytes=32 time=171ms TTL=48

          This seems ODD

          186-218-212-88.viacaboip.com.br (186.218.212.79)

          Your PTR does not match up with the IP.. you see .79 but PTR says .88 - are you editing these names and IPs?

          What are you trying to accomplish??  Do you just want to hit some web interface on your home/office location behind pfsense, or the pfsense gui?  Your rules show to the pfsense wan IP your allowing 80/443 so the pfsense web gui?  Are you pfsense behind nats?  What does pfsense show for its wan address.. Does it match up to 186.218.212??  Or is it some private address 10.x, 192.168.x, 172.16-31.x ?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 23.05.1 | Lab VMs CE 2.6, 2.7

          1 Reply Last reply Reply Quote 0
          • R
            rpsimoes
            last edited by

            Hi,

            My rules were wrong. Problem solved!!

            Thanks everybody ;)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post