Unable to access internal network through PfSense WAN port
Without seeing your pfsense rules my inclination is to say "Working As Designed" -- most firewalls are configured to prevent people on the outside (WAN port) from accessing resources on the inside (LAN port).
If you want to let people from the outside in you need to either punch firewall holes (including 1:1 NAT or port redirection, if you're using NAT) or set up a VPN. The latter is a better solution in nearly every case...
Related videos on Youtube
Sean
Updated on September 18, 2022Comments
-
Sean over 1 year
Our branch office is unable to connect to our internal network for some reason. However we can connect to the branch office domain controller from behind PfSense. The following is our setup:
|Branch DC - 192.168.0.101 | |Branch Firewall - 192.168.0.2 | |(Internet) | |Local Firewall - 192.168.3.1 | |PFSense WAN port - 192.168.3.100 |PFSense LAN port - 192.168.1.1 | | DC1 - 192.168.1.2|DC2 - 192.168.1.4
- Branch DC can ping and connect to PFSense WebGUI on the WAN port successfully (we set this up using the PfSense documentation).
- DC1 and DC2 can connect outbound to the Branch DC.
There seems to be a rule that prevents internal access on the WAN port. However our rules are set to allow all traffic on the LAN and WAN ports. It would be ideal to just disable the firewall altogether since we already have a firewall but when we do this, PfSense doesn't allow any internal traffic at all. I look forward to any assistance and thank you ahead of time.
-
voretaq7 almost 13 yearsDo you have a (redacted) copy of the firewall rules for both sides of the connection? Is the
Branch Firewall
running pfsense as well?
-
Sean almost 13 yearsWe were trying to avoid using VPN since we already connect to our branch office using a Site-to-Site VPN. Regarding NAT, that would be the only other way then? We basically want our Domain Controllers to begin replicating properly again.
-
rackandboneman over 11 yearsThis looks like a setup with a literal dedicated WAN (from the private IP used on it)...