Help with 2 WAN and 1 LAN…
-
Hey Chldgear,
I appreciate your help.
Oh yes, I can communicate with both sets of IPs. Some websites are running on them now.
As for your 2nd question, that depends. If I'm inside the network, I can communicate with any 63.x.x.x IP as long as it's from another 63.x.x.x. If I try using a 205.x.x.x IP to communicate with a 63.x.x.x, then there are problems. I may or may not connect. If I do connect, it's as if you're dragging a semi truck through sand on a rainy day with your hands. :-)
Lastly, both the 63.x.x.x and 205.x.x.x IPs access the pfSense box through the exact same physical interface (ethernet cord). Does that make sense?
Thanks!
-
So it's not 2 WANs, it's one with two IP subnets. Sounds like you probably need NAT reflection enabled, if we're talking about strictly looping traffic back in through those 1:1 NATs.
-
Thanks, I'll do some research on how to set it up. Like I said, I'm a dummy.
I really appreciate the help all you guys have given me!
Thanks!
-
Okay, now for more dumb questions…
I read everything at https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks - but still have a few questions.
Do I try "NAT + Proxy" or "Pure NAT"? They both talk about the forwarding of ports, but I'm not sure how that would apply to me.
Are there any configurations I need to be aware of before doing this? Like I said, I can't afford to be down. It's about 40 miles and $15 in tolls to the data center, so I'd like to see if I can get this right the first time and not be down. I'm hoping to go tomorrow evening, it's a good time as no one is looking at their websites at that time.
Again, thank you for all the help.
-
You'll want pure NAT mode. And to enable the option to automatically add outbound NAT rules.
-
Thank you!
I'm going to the data center tomorrow, I'll report back if it worked or not.
I love pfSense, it's the best!
-
Hey CMB,
I was told to give you this extra information as they thought I may be using manual NAT. If this is the case, I was told to ask whether, by looking at the screen cap below, it would be better to use Hybrid NAT.
Thanks!
-
Load balancing & fail over
Some impressions to get it working together with load balancing and a fail over scenario.
-
Thank you for your input. But I'm not looking for load balancing or fail over. I need to get the IPs from 2 different WANs to talk to each other in the LAN!
-
Hey all!
Well, I did what CMB suggested, switching to pure NAT mode and enabling the option to automatically add outbound NAT rules. Unfortunately, it didn't change anything. Inside the network I still cannot make the 2 WANs talk to each other via SSH, FTP, or anything else. If they do connect, it's only for 10 seconds and then everything bottoms out.
I have the NAT Outbound set to Manual Outbound NAT. It was suggested to try Hybrid Outbound NAT, which I also tried. Still the same result.
Any more suggestions?
Thanks!
-
Where you're using policy routing on your LAN rules, you need to negate those for the relevant destinations, otherwise you're forcing that traffic to the gateway specified in the rule, so it won't hit reflection. What do your LAN rules look like currently?
-
CMB, thanks for getting back to me. Please excuse my ignorance, this is like trying to learn Latin.
When you refer to LAN rules, are you referring to the LAN Interface?
Thank you very much.