Routing from WAN to LAN



  • I have a PFSENSE box that is routing traffic like this :-

    Domain –-- PFSense ----- Smoothwall Filter ------- Internet

    It's working fine, I can ping the gateways from each interface and the internet is working across VLANS and the LAN , however I can't seem to ping anything on the domain from the WAN interface.

    I need access to Active Directory from the Smoothwall box to allow Authentication - how would I do this ?

    LAN address is 192.168.5.80 - Smoothwall Gateway is 192.168.110.1 (WAN IP is 192.168.110.2)

    Cheers

    What I'm trying to achieve is one PFSENSE box as a router instead of a layer 3 switch for internal lan and vlans to smoothwall

    Eventually it will be LAN -> PFSENSE Router -> Smoothwall -> PFSENSE Firewall



  • WAN is set to ignore private addresses by default, so it's not going to respond to your Smoothwall unless you uncheck that via (Interfaces - WAN).  Are you using pfSense as a router only (firewall disabled)  or is the firewall still active?  To get access to your DC, you could add a WAN rule that allows the Smoothwall to have full access to the DC.



  • Yes the firewall is still active but I have rules to allow all traffic (IPV4* LAN/WAN/VLAN * * * *) on each interface

    What would the rule look like ? And would it be easier to disable the firewall ?

    Thanks for the help



  • What would the rule look like ?

    It would look like a Pass rule with your Smoothwall as the Source and the DC as the Destination.  Ports depend on your Windows Server version, but likely 49152-65535 if you want to limit access to just domain services.

    And would it be easier to disable the firewall ?

    It's certainly easy, but I don't know how it would perform for you.  Try it.  System - Advanced - Firewall/NAT - Disable firewall.



  • Thanks, I'll give it a go - nearly there it's just this last hurdle :)



  • I removed the firewall role and still nothing, I can ping the DC from the LAN interface but I can't from the WAN interface (full packet loss) I must be missing something somewhere!

    seems I was, seeing as this is in a non production environment I needed to add the gateway to the DCs (had to slap myself there…)



  • Maybe post screencaps of your interface details.



  • I know I started another thread but, I recreated the box and kept it simple as possible

    http://imgur.com/a/1X55p



  • I see John's made more progress so I'll abandon this thread.


Log in to reply