Hello,

you'll have to forgive my newbie question, but that's where we all start at
some point. I'm really keen to understand more about networking, hence my
desire to learn through pfSense.

This is my setup:

OpenWRT Router on the ADSL which has the 195.160.1.0 network on the LAN
side and a pfSense linked to the 195.160.1.2 address on the router's LAN
(so connected to pfSense WAN side). On the LAN side of the pfSense, I
have the 195.160.2.0 network with 195.160.2.1 on the LAN side. I have a
server on the LAN on pfSense which I want to isolate from all the wireless
traffic that is going on the 195.160.1.0 network (lots of guest accounts). But I
also have a multimedia client on the 195.160.1.0 network that I want to
allow access to the media server (195.160.2.2:8096) on the 195.160.2.0
network.

I've set up a NAT port forward rule on pfSense like this:

Interface  Protocol  Source Addr  Source Port  Dest Addr    Dest Port  NAT IP       NAT Port
WAN        TCP       *            *            195.160.2.2  8096       195.160.2.2  8096


I allowed pfSense to create the firewall rule automatically so this
should be fine?


Why do I not see traffic from the media client being logged (basically,
the client does appear to be routed to the server between the two
subnets), but I do see traffic from the media client on the 195.160.1.0
network being logged to the whole 195.160.1.0 network (I see UDP traffic
from 195.160.1.4 to 195.160.1.255 being logged as blocked traffic for
NetBIOS on port 138)? When I try to ping the pfSense WAN port on
195.160.1.2, it does get logged on pfSense, but when I try to ping the
LAN side of the pfSense from the WAN side, nothing gets logged. Has this
got to do with the default rules set up during setting up the WAN
interface on pfSense:

a) Blocks traffic from IP addresses that are reserved for private
networks per RFC 1918 (10/8, 172.16/12, 192.168/16) and unique local
addresses per RFC 4193 (fc00::/7) as well as loopback addresses (127/8).
This option should generally be turned on, unless this network interface
resides in such a private address space, too.

b) Blocks traffic from reserved IP addresses (but not RFC 1918) or not
yet assigned by IANA. Bogons are prefixes that should never appear in
the Internet routing table, and so should not appear as the source
address in any packets received. Note: The update frequency can be
changed under System->Advanced Firewall/NAT settings.

I have them both ticked but I thought the NAT rule would take precedence?

Thanks

geotux


_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
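Added example (not from the post, and not pfSense code): a small Python model of the order in which a pfSense WAN interface handles an inbound packet, built around the port forward and the two default WAN block rules described above. The model encodes three things that hold for pfSense: the port forward (pf "rdr") rewrites the destination before any filter rule is consulted, the filter rules are then evaluated first-match because pfSense adds "quick" to every rule, and traffic matching no rule falls through to the default deny, which logs. The associated filter rule that pfSense creates with a port forward matches on the translated destination and has logging off by default, which is why passed traffic does not show up in the firewall log while blocked traffic does. Addresses are the ones from the post; the source ports, the two-prefix stand-in for the bogon list, and the sample packets are constructed for illustration.

```python
"""Toy model of the order in which pfSense handles an inbound WAN packet.

Simplified model written for this thread; it is not pfSense code. A port
forward (pf 'rdr') rewrites the destination first, the filter rules then see
the translated packet and are evaluated first-match (pfSense adds 'quick' to
every rule), and anything unmatched falls through to the default deny, which
logs. Addresses come from the post; ports, the bogon subset and the sample
packets are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Rule (a) in the post: RFC 1918 space plus loopback.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Rule (b): a constructed placeholder subset; pfSense downloads the real list.
BOGONS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "240.0.0.0/4")]


@dataclass
class Packet:
    iface: str
    proto: str        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass
class PortForward:
    """One NAT port-forward entry, as in the table in the post."""
    iface: str
    proto: str
    dst: str
    dport: int
    nat_ip: str
    nat_port: int

    def matches(self, pkt: Packet) -> bool:
        return (pkt.iface, pkt.proto, pkt.dst, pkt.dport) == \
               (self.iface, self.proto, self.dst, self.dport)

    def translate(self, pkt: Packet) -> Packet:
        """Rewrite the destination; the filter stage sees this packet."""
        return Packet(pkt.iface, pkt.proto, pkt.src, self.nat_ip,
                      pkt.sport, self.nat_port)


@dataclass
class Rule:
    name: str
    action: str                          # "pass" or "block"
    log: bool
    match: Callable[[Packet], bool]


def src_in(nets) -> Callable[[Packet], bool]:
    return lambda p: any(ipaddress.ip_address(p.src) in n for n in nets)


def associated_rule(fwd: PortForward) -> Rule:
    """The filter rule pfSense adds with a port forward: it matches on the
    translated destination and has logging off by default."""
    return Rule(f"NAT {fwd.nat_ip}:{fwd.nat_port}", "pass", False,
                lambda p: (p.iface, p.proto, p.dst, p.dport)
                == (fwd.iface, fwd.proto, fwd.nat_ip, fwd.nat_port))


def evaluate(pkt: Packet, forwards: List[PortForward],
             rules: List[Rule]) -> Tuple[str, str, bool]:
    """Return (action, matching rule name, logged?) for one inbound packet."""
    for fwd in forwards:              # rdr stage: first matching entry wins
        if fwd.matches(pkt):
            pkt = fwd.translate(pkt)
            break
    for rule in rules:                # filter stage: first match wins
        if rule.match(pkt):
            return rule.action, rule.name, rule.log
    return "block", "Default deny", True   # implicit default block, logged


MEDIA_FWD = PortForward("WAN", "tcp", "195.160.2.2", 8096, "195.160.2.2", 8096)
WAN_RULES = [
    Rule("Block private networks", "block", True, src_in(PRIVATE)),
    Rule("Block bogon networks", "block", True, src_in(BOGONS)),
    associated_rule(MEDIA_FWD),
]

# Constructed sample traffic; source ports are assumptions.
SAMPLES = {
    "media client to server": Packet("WAN", "tcp", "195.160.1.4", "195.160.2.2", 51000, 8096),
    "netbios broadcast":      Packet("WAN", "udp", "195.160.1.4", "195.160.1.255", 138, 138),
    "ping WAN address":       Packet("WAN", "icmp", "195.160.1.4", "195.160.1.2"),
    "RFC1918 source":         Packet("WAN", "tcp", "192.168.5.9", "195.160.2.2", 51001, 8096),
}


def run_samples() -> dict:
    return {name: evaluate(pkt, [MEDIA_FWD], WAN_RULES) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, rule, logged) in run_samples().items():
        print(f"{name:24} -> {action:5} ({rule}) logged={logged}")
```

Running it shows the media-client connection passing unlogged via the associated rule, the NetBIOS broadcast and the ping to the WAN address hitting the logged default deny, and a constructed 192.168.x source being stopped by "Block private networks" before the pass rule is ever reached, since those block rules sit above the port-forward rule in the WAN ruleset.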