Allowing direct access to the Server connected to the LAN interface



  • Hello Forum,
    Let me explain my network setup for you. I have configured pfsense with both interfaces having public IP addresses. I have configured some filtering rules which are enforced on the user. Behind pfsense there is a DHCP NAT server which is connected to the LAN of pfsense. The DHCP NAT server also has a public IP so that it is accessible from outside if something goes wrong. Now if I add an allow-all rule in the pfsense firewall then I can access the NAT server and others can also access it. But I want to restrict access to the DHCP NAT server to a particular user or system. So, what rule do I need to add so that only a few authorized users can access it from outside? :-\ :-\



  • I will give the specification if the above statement is unclear.

    Pfsense

    1. WAN x.x.x.216 - Public IP
    2. LAN x.x.x.193 - Public IP

    DHCP/NAT Server
    WAN - x.x.x.194 - Public IP and which is connected to the LAN of Pfsense

    I added the firewall rule where I can remotely access the WAN of pfsense as an admin and block all other traffic. But I am not able to access the WAN of the DHCP/NAT server which is behind pfsense. So any help regarding the issue is appreciated. :-\

    Thanks



  • Seems to me your routing is messed up. You say dhcp/nat server? Do you have another NAT device connected to pfSense? Have you configured it to take connections from outside the network? Why are you using public IPs on your LAN instead of just using a port forward with private IPs? Do you own the public IPs that you are using? Has your ISP advertised this network for you a la BGP? A diagram would be really helpful to try to figure out what you are trying to do here.



  • @mikeisfly:

    Seems to me your routing is messed up. You say dhcp/nat server? Do you have another NAT device connected to pfSense? Have you configured it to take connections from outside the network? Why are you using public IPs on your LAN instead of just using a port forward with private IPs? Do you own the public IPs that you are using? Has your ISP advertised this network for you a la BGP? A diagram would be really helpful to try to figure out what you are trying to do here.

    We are an ISP and yes, we own those IPs. I have configured the pfsense interfaces as static, and the dhcp/nat server is a separate entity behind pfsense. Pfsense is dedicated only to filtering.
    If I want to access the dhcp/nat server from outside, then pfsense is blocking the access. If I add an allow-all rule on WAN then it's accessible. But I want only admin access to the dhcp/nat server behind pfsense, so what rule do I need to add to access it?
    Hope you got the scenario which I am trying to explain :-\ :-\


  • Netgate

    Dude, draw a detailed network diagram.  It's sort of like mathematics.  It transcends language barriers.



  • I have attached the diagram. I guess I have messed up somewhere in firewall rules and NAT rules.
    My firewall rules are something like this

    WAN
    Proto: IPv4 TCP
    Source: IP address (x.x.x.240) of the system from which I remotely access pfsense.
    Port: *
    Dest: IP address of pfsense x.x.x.216
    Port: 443
    NAT IP: x.x.x.216 (Pfsense IP)
    NAT port: 443

    LAN:
    Proto: IPv4 TCP
    Source: *
    Port: *
    Dest: !LAN Address
    Port: 443
    NAT IP: x.x.x.193
    Port: 3128

    I am able to access the pfsense box via WAN but I am not able to access the DHCP/NAT server behind pfsense even though it has a public IP.
    Any idea where I am going wrong?

    ![Untitled Diagram.jpg](/public/imported_attachments/1/Untitled Diagram.jpg)