Hi,
Hmm, no ideas? :(
mat
On 24/08/2016 at 10:19, Mathieu HOHL wrote:
Hello,
I have some web servers behind my pfSense 2.3.2. This pfSense has 2
physical network ports, and on the LAN port I use 10 VLANs. So
finally, I have 12 interfaces (+ 2 interface groups):
- 1 on the WAN
- 1 "global" on the LAN
- 10 VLANs on the LAN
I put some NAT rules (Firewall > NAT > Port Forward) to redirect ssh
and web ports (22,80,443) from CARP addresses to different internal
IPs. Associated filter rules were automatically created.
Example:
* Interface : WAN
* Protocol: TCP
* Source : "Single host or alias" "authorized_ips" (alias)
* Destination : "Single host or alias" "host1_public_ip" (alias)
* Destination port range : SSH - SSH
* Redirect target IP : "host1_private_ip" (alias)
* Redirect target port : SSH
No problem on filter reloading, but it doesn't work from my LAN network.
So, I activated "NAT Reflection mode for port forward" "Pure NAT"
(https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks)
but on filter reloading I get this message:
There were error(s) loading the rules: /tmp/rules.debug:210: interface
name too long - The line in question reads [210]: rdr on { ix1
ix1_vlan4 ix1_vlan5 ix1_vlan6 ix1_vlan7 ix1_vlan8 ix1_vlan9 ix1_vlan10
ix1_vlan11 ix1_vlan12 ix1_vlan13 GrVlanSI GrVlan } proto tcp from
$authorized_ips to $host1_public_ip port 22 -> $host1_private_ip...
And I land every time on the pfSense server from the LAN. From the WAN it works.
When I deactivate this NAT rule, the next one (same but with other
IPs or ports) is in error...
I must have missed something...
How can I resolve this problem?
Thanks
mathieu
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold