Hi everyone!
I am looking for some help, because I have been stuck at this point for 1.5 months. As far as I have seen, nobody has had this kind of problem here or anywhere else, but if I am wrong, please give me a hint.
Topology:
ISP Modem ↔ Mikrotik RB960PGS ↔ CRS326
CRS326 ↔ computers and servers, running pfSense with two interfaces, WAN and LAN.
On the RB960PGS I have set the ISP's fixed IP on ether1 and 70.2 on ether2. On pfSense: ether1 WAN 70.1, ether2 30.254/24 (LAN).
I made a masquerade NAT firewall rule, so I have an internet connection, because the out-interface is the RB960PGS's ether1, which is the ISP.
I would like to pass all of the traffic to pfSense to validate it and drop the useless parts.
I have some running services on 30.42, 30.43 and 30.44.
So what I want to have:
Fixed IP + port XXX (open on pfSense, NAT already created to the server, so WAN IP + port → LAN IP + port).
It should just work, because pfSense should know what to do with the data and where to send it.
What kind of firewall NAT chain or filter rule, or anything else, should I use to pass the traffic to the pfSense WAN IP?
Thanks. I am not a network expert, as you can see, but I have already watched the input, output and forward videos on YouTube and it is still not working. srcnat, dstnat… I am stuck.
Can you draw a diagram? I have no clue whether what you are saying is that pfSense is supposed to get an IP from the ISP…
Typically it's the public IP to the MT router; all other devices acting as routers downstream (double NAT) would get a private IP, aka a LAN IP from one of the MT's subnets.
Sometimes one gets a private, not public, IP from the ISP, but that would be the only difference…
Finally, the full config of the MT, minus the router serial number and any public WAN IP information:
/export file=anynameyouwish
The pfSense WAN configuration is:
192.168.77.1 - pfSense WAN IP
192.168.77.254 - pfSense WAN gateway → IP of the MikroTik router.
RB960PGS
ether1 → ISP modem connection → configured with a fixed IP
ether2 → CRS326 LAN Switch
If I set a masquerade NAT rule, then I have an internet connection, but I can't pass the original packets coming from the ISP on ether1 through ether2 to the pfSense WAN IP, which is 77.1.
I use the RB960PGS because there are two ISPs. The RB960PGS is the gateway of pfSense, so if one of the ISPs is down, the RB960PGS script can change the connection.
The pfSense WAN interface is not configured for managing the ISP.
I have made a small illustration; maybe you can understand it better.
The RB960PGS works like a gateway between the two ISPs and pfSense across the CRS326 bridge.
(First of all I am looking for the single-internet solution. I have already tested a dual-WAN configuration and the ISP changing works, but accessing from WAN IP + port → I should hit pfSense across the RB960PGS and CRS326 and arrive at the right LAN location, which is already configured on pfSense.)
Okay, so you have a hEX as the gateway receiving two ISP connections.
a. What LAN subnets does the hEX provide?
b. Does the switch just act as a managed switch, moving VLAN traffic back and forth between devices attached to the switch and, of course, VLAN traffic to and from the internet?
c. What is the purpose of the pfSense device, strictly servers?
Hi!
a.
I have set a fixed IP for ether1 (ISP1)
I have set ether2 as 192.168.70.254/24
I have made a masquerade srcnat on ether1.
b. Yes, the switch handles the VLANs; VLANs on pfSense too.
c. The virtual pfSense firewall is the firewall.
Why did I start to solve this?
This was already made by somebody else, and I have no password for the device. I should replace the device with the same functionality. I have tried once already. Because of the masquerade NAT rule and because of the default route, the servers had a connection, so I have a working connection, but services like VPN, web server etc. are not working.
I asked the guy who made it before; he talked about routing and forwarding the packets.
I have tried to set a dstnat rule with to-address the pfSense WAN IP (70.1).
I got the problem.
The issue is that the MikroTik changes the header while passing data to pfSense, so when I open the WAN IP from outside, my request never reaches the target host. I have internet because of the masquerade rule.
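A worked RouterOS configuration for the port-forwarding the thread is asking about (the question in the first post and the dstnat attempt in the last one), added here as an example. It is not a reply from any participant and not an export of the original device. It assumes ether1 is the ISP-facing interface holding the static public IP, ether2 is the link to the CRS326, the pfSense WAN address is 192.168.77.1 with gateway 192.168.77.254 as given in the second post, and the forwarded services are TCP/443 and UDP/1194; the interface-list names, ports and comments are placeholders chosen for the example.

```routeros
# Added example, not from the thread. Assumptions: ether1 = ISP (static public IP),
# ether2 = link to the CRS326, pfSense WAN = 192.168.77.1/24, gateway 192.168.77.254.
/interface list
add name=WAN
add name=LAN
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN

/ip address
add address=192.168.77.254/24 interface=ether2

/ip firewall nat
# Egress: rewrite the source only on packets leaving towards the ISP.
add chain=srcnat out-interface-list=WAN action=masquerade comment="egress NAT"
# Ingress: rewrite the destination of inbound packets to the pfSense WAN address.
# No to-ports means the destination port is kept. Because no srcnat rule matches
# packets leaving ether2, pfSense still sees the original client source address.
add chain=dstnat in-interface-list=WAN protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.77.1 comment="HTTPS -> pfSense WAN"
add chain=dstnat in-interface-list=WAN protocol=udp dst-port=1194 \
    action=dst-nat to-addresses=192.168.77.1 comment="OpenVPN -> pfSense WAN"

/ip firewall filter
# Forward chain: replies first, then only dst-nat'ed new connections from the WAN;
# anything else arriving unsolicited from the ISP side is dropped.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=new connection-nat-state=dstnat \
    in-interface-list=WAN action=accept comment="port forwards to pfSense"
add chain=forward connection-state=new connection-nat-state=!dstnat \
    in-interface-list=WAN action=drop comment="drop unsolicited WAN"
```

To check that the rules are actually hit, watch the counters with `/ip firewall nat print stats` and `/ip firewall filter print stats` while connecting to the public IP from outside, and confirm the translated flow with `/ip firewall connection print where dst-address~"192.168.77.1"`; `/tool sniffer quick interface=ether2 port=443` shows the packets as pfSense receives them, with the original public source address and the pfSense WAN IP as destination. The per-port dstnat rules only cover the services listed; each additional service pfSense publishes needs its own dstnat line (or a dst-port list), and the filter rule order matters, since a drop placed above the `connection-nat-state=dstnat` accept would discard the forwarded connections.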