Access LAN through WAN (ping, shared folders etc)



  • Hello to everyone,

    My network setup is like this
                                                                    (SERVER's Switch:Many pcs)
                                                                    /
                                                                  /
                                                                  /
    {Internet} <---------> (Government Router) <----------------> (pfSense with http and https interception)<---------->(LAN Switch) ..... Many pcs on the LAN

    The problem I have is that I cannot ping or browse LAN PCs through the WAN.

    To be more specific:
        Government router range = 10.217.75.1-255
        pfSense WAN IP          = 10.217.75.250
        pfSense LAN IP          = 10.217.76.1
        LAN subnet range        = 10.217.76.2-255

    So, from a PC on the WAN, let's say 10.217.75.73, I can ping 10.217.75.250 (obviously) and 10.217.76.1 (LAN GW), but there everything stops.

    I know that if I permit LAN browsing through the WAN I lose the meaning of a firewall but... that's the way they want it to be.
    LSS: I want a kind of rule to allow browsing my LAN network through any PC in my WAN network.
    Is that possible?
    I've tried some simple rules like destination * and source * but they didn't work. I've also seen some solutions with virtual IPs etc... but that was for one or two server IPs and not for many PCs? Any solution!? Thanks in advance.


  • Banned

    And how exactly is this supposed to work? The traffic will never hit pfSense unless the "government router" knows to send the traffic there.



  • @doktornotor:

    And how exactly is this supposed to work? The traffic will never hit pfSense unless the "government router" knows to send the traffic there.

    You have a point there, but I forgot to mention the reason I use pfSense.
    Where I work (a governmental position) there is a great deal of internet misuse (almost abuse) like Facebook, YouTube, online radio streaming etc. We were ordered to find a way to block all these sites from our local PCs. So I don't mind about the incoming traffic so much; the only thing I want is to stop requests for some sites.

    The problem is that some old static IPs are used for the governmental site, so I cannot change them into my LAN. That's why I want all the WAN computers and all the LAN computers in touch.
    Maybe I have thought about it the wrong way, but I'm not that much of an expert.
    The thing is that the 10.217.75.1-255 has to stay that way and that all others must be on 10.217.76.1-255 in order to be filtered. Is my thinking wrong here?!?!

