Netgate Discussion Forum

Network Routing

  • M Offline
    MPFontana
    last edited by Feb 7, 2015, 8:30 PM Feb 7, 2015, 7:22 PM

    Guys, I have a problem and have tried everything I know to solve it.

    My firewall is configured as follows.

    I have 2 links and 2 separate networks. Each link feeds one network. Then we have:

    Link 1 (default) -> Network 1

    Link2 -> Network 2 -> HOTSPOT

    Under Network 2 I have a HOTSPOT delivering DHCP; therefore, Network 2 only delivers the IP (internet) to the HOTSPOT equipment. So I can control the bandwidth available on that network.

    Here the LINK 1 is feeding the NETWORK 1 and LINK 2 is feeding NETWORK 2. So far so good, everything works, with some exceptions.

    When I try to access RDP or some other specific services from Network 1 to Network 2, I can do it normally without problems. But if I try the reverse, Network 2 to Network 1, I can't. But if I change the link that Network 2 is running on from LINK 2 to LINK 1, the service works, OR if I put LINK 2 as default, it also works, but then the reverse happens: I have access from NETWORK 2 to NETWORK 1.

    Note: The access is not done via local IP but via the IPs of the links, properly routed via NAT.

    Sorry for my English  :-X
    Capturar1.PNG
    Capturar2.PNG
    Capturar3.PNG

    • S Offline
      stephenw10 Netgate Administrator
      last edited by Feb 8, 2015, 7:27 PM

      Please show us your rules from the ADM and HOSPEDE interfaces. That's where the policy routing is that will affect this.

      Also please define exactly what isn't working. You say that you can't access services on one internal network from the other internal network?
      You are trying to access them using their public IPs? So you have port forwarded them? Can we see your port forwards also?

      Steve

      • M Offline
        MPFontana
        last edited by Feb 9, 2015, 10:55 AM

        @stephenw10:

        Please show us your rules from the ADM and HOSPEDE interfaces. That's where the policy routing is that will affect this.

        Also please define exactly what isn't working. You say that you can't access services on one internal network from the other internal network?
        You are trying to access them using their public IPs? So you have port forwarded them? Can we see your port forwards also?

        Steve

        Thanks for the reply.

        Yes Steve, I'm trying to access some services from one network to the other network via public IPs.

        Here is everything you asked for.

        Capturar.JPG1.JPG
        Capturar.JPG2.JPG
        Capturar.JPG3.JPG

        • S Offline
          stephenw10 Netgate Administrator
          last edited by Feb 9, 2015, 2:07 PM

          So two issues here:
          If you're trying to access the resource using the public IP you need to have set up something to allow that to happen. By default the traffic cannot hit the public address and then be re-routed back to the internal address. See:
          https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

          Secondly, if you use policy-based routing to specify a gateway, that overrules the system routing table, so all your traffic from the ADM interface goes out to the BBP gateway even if the destination is actually an internal subnet. You need to put in a rule above the policy-routing rule to allow traffic to get to the local subnets. Can you access the resources using their internal addresses?

          Steve
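
The rule-ordering point in the reply above, as an added example that is not part of the original thread: a simplified first-match model of one interface's pass rules, ignoring NAT and state tracking. The interface names ADM and HOSPEDE and the gateway name BBP come from the thread; the subnets and host addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    desc: str
    src: str                        # CIDR or "any"
    dst: str                        # CIDR or "any"
    gateway: Optional[str] = None   # None: leave routing to the system table

def _match(cidr, ip):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_ip, connected):
    """Simplified first-match evaluation of one interface's pass rules."""
    for rule in rules:
        if _match(rule.src, src_ip) and _match(rule.dst, dst_ip):
            if rule.gateway:        # policy routing bypasses the routing table
                return f"forced to gateway {rule.gateway}"
            for name, net in connected.items():
                if _match(net, dst_ip):
                    return f"routed locally via {name}"
            return "routed via default gateway"
    return "blocked (no matching pass rule)"

# Constructed addressing; only the names ADM, HOSPEDE and BBP come from the thread.
CONNECTED = {"ADM": "192.168.10.0/24", "HOSPEDE": "192.168.20.0/24"}
POLICY = Rule("ADM net to any via BBP", "192.168.10.0/24", "any", gateway="BBP")
LOCAL = Rule("ADM net to HOSPEDE net", "192.168.10.0/24", "192.168.20.0/24")

def demo():
    host, peer, outside = "192.168.10.50", "192.168.20.10", "203.0.113.7"
    return {
        "policy rule only": evaluate([POLICY], host, peer, CONNECTED),
        "local rule above": evaluate([LOCAL, POLICY], host, peer, CONNECTED),
        "local rule below": evaluate([POLICY, LOCAL], host, peer, CONNECTED),
        "internet traffic": evaluate([LOCAL, POLICY], host, outside, CONNECTED),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the ordering with the local-subnet rule above the gateway rule keeps inter-subnet traffic on the firewall; placing it below has no effect because the gateway rule matches first.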

          • M Offline
            MPFontana
            last edited by Feb 9, 2015, 7:22 PM

            @stephenw10:

            So two issues here:
            If you're trying to access the resource using the public IP you need to have set up something to allow that to happen. By default the traffic cannot hit the public address and then be re-routed back to the internal address. See:
            https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

            Secondly, if you use policy-based routing to specify a gateway, that overrules the system routing table, so all your traffic from the ADM interface goes out to the BBP gateway even if the destination is actually an internal subnet. You need to put in a rule above the policy-routing rule to allow traffic to get to the local subnets. Can you access the resources using their internal addresses?

            Steve

            Steve, for the first issue I'll try later because I'm quite busy right now. For the second issue, I already tried to create a rule on the HOSPEDE subnet that allows the traffic, as in the attached picture.

            Capturar.JPG

            • S Offline
              stephenw10 Netgate Administrator
              last edited by Feb 9, 2015, 11:39 PM

              Ok, I don't see it in your screen shot above the rule that specifies a gateway though. Did you just create it?

              Steve

              • M Offline
                MPFontana
                last edited by Feb 10, 2015, 1:17 PM

                @stephenw10:

                Ok, I don't see it in your screen shot above the rule that specifies a gateway though. Did you just create it?

                Steve

                Steve, I studied and tried the options you showed me and I couldn't get this to work. I don't know why; it could be the hotspot under Network 2, but I don't manage this 3rd-party service (DHCP) and can't do much with it.

                STNGW was specified in the gateway rule.

                • S Offline
                  stephenw10 Netgate Administrator
                  last edited by Feb 12, 2015, 7:37 PM

                  Not entirely sure what you meant there,  :-\

                  If you've added more firewall rules can we see screenshots of those?

                  Steve
