Author Topic: Troubles connecting between two separate pfsense firewalls  (Read 1765 times)

rbishop
Troubles connecting between two separate pfsense firewalls
« on: November 07, 2011, 11:23:48 am »
New to the forum here, so please forgive me if I am posting in the wrong place.

Here is my situation.

I have two separate pfsense firewalls set up.

Firewall A: WAN IP x.x.x.x
            LAN IP y.y.y.y (these are also public IPs)
            Multiple devices (servers) behind the pfsense firewall with public y.y.y.y IPs
            The world can get to these IPs, and they can get out to the world no problem.

Firewall B: WAN IP x.x.x.z
            LAN IP 192.168.1.1
            Multiple devices behind this firewall and are able to get to the world, except the LAN IPs on Firewall A.

I am able to get to the WAN IP of Firewall A and also the LAN IP of Firewall A, but I am not able to get to anything else in Firewall A's LAN range from Firewall B.

I have looked over the configs of both firewalls and they all seem correct.  I am able to browse the web from behind both of the firewalls.

Any thoughts or ideas would be greatly appreciated.  Let me know if you need anything else. 


podilarius
Re: Troubles connecting between two separate pfsense firewalls
« Reply #1 on: November 07, 2011, 02:00:22 pm »
Are you able to get to LAN range on firewall A from something connected behind Firewall B? It was not clear if it is just the Firewall B interfaces or all of Site B that cannot get to Site A.

What rules do you have on Firewall A? Is there anything in the firewall logs on Firewall A?

rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #2 on: November 07, 2011, 02:19:52 pm »
Podilarius - No, I am not able to get to anything other than the LAN IP of Firewall A from Firewall B.  Firewall B is able to get to the rest of the world, i.e. Google, MS, Yahoo, etc.  Firewall A is able to get to the outside world.

I have not tried setting anything up behind Firewall B (services http, ftp, etc.) and trying to get to it from Firewall A.

On Firewall A I have typical HTTP/HTTPS, SSH ports open.

podilarius
Re: Troubles connecting between two separate pfsense firewalls
« Reply #3 on: November 07, 2011, 05:43:32 pm »
What rules do you have in place on Firewall A?

rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #4 on: November 07, 2011, 06:00:33 pm »
Here are the rules I have set up on Firewall A

    *      RFC 1918 networks                *    *               *             *    *    Block private networks
    *      Reserved/not assigned by IANA    *    *               *             *    *    Block bogon networks
    TCP    *                                *    209.43.3.148    25 (SMTP)     *         Hosting - SMTP
    TCP    *                                *    209.43.3.148    110 (POP3)    *         Hosting - POP3
    TCP    *                                *    209.43.3.148    80 (HTTP)     *         Hosting - HTTP

cmb (Administrator, Chris Buechler)
Re: Troubles connecting between two separate pfsense firewalls
« Reply #5 on: November 07, 2011, 07:06:03 pm »
Assuming there's no VPN between the two, access from B to A should be the same as access from anywhere on the Internet to A. One possible exception is if you're running 1.2.3 on a fresh install, didn't finish the setup wizard (which updates the bogons at the end) and your site B has an IP assignment that's in bogons. If you started with 2.0 that wouldn't be an issue since its bogons list is up to date out of the box since it's a new release. Check the firewall log for blocked traffic on the A side.
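
An added example, not part of the thread and not pfSense code: a small model of top-down, first-match rule evaluation with an implicit default deny, run over the WAN rules posted in Reply #4 to show which connections arriving from Site B they would pass. The Site B address 203.0.113.10, the second host 192.0.2.20 and the stale bogons prefix are constructed placeholders.

```python
import ipaddress

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
# Constructed stand-in for an out-of-date bogons table (documentation prefix).
STALE_BOGONS = ("198.51.100.0/24",)
HOST = "209.43.3.148"  # the only destination named in the posted rules


def wan_rules(bogons=()):
    """WAN rules from Reply #4, top to bottom; a missing key means 'any'."""
    return [
        {"action": "block", "src": RFC1918, "descr": "Block private networks"},
        {"action": "block", "src": tuple(bogons), "descr": "Block bogon networks"},
        {"action": "pass", "proto": "tcp", "dst": HOST, "port": 25, "descr": "Hosting - SMTP"},
        {"action": "pass", "proto": "tcp", "dst": HOST, "port": 110, "descr": "Hosting - POP3"},
        {"action": "pass", "proto": "tcp", "dst": HOST, "port": 80, "descr": "Hosting - HTTP"},
    ]


def in_any(ip, nets):
    return any(ip in ipaddress.ip_network(n) for n in nets)


def evaluate(src, dst, proto, port, bogons=()):
    """First matching rule wins; traffic matching no rule is denied."""
    src_ip = ipaddress.ip_address(src)
    for rule in wan_rules(bogons):
        if "src" in rule and not in_any(src_ip, rule["src"]):
            continue
        if rule.get("proto") not in (None, proto):
            continue
        if rule.get("dst") not in (None, dst):
            continue
        if rule.get("port") not in (None, port):
            continue
        return rule["action"], rule["descr"]
    return "block", "default deny"


if __name__ == "__main__":
    site_b = "203.0.113.10"  # constructed placeholder for Firewall B's WAN IP
    checks = [(site_b, HOST, 80, ()), (site_b, HOST, 22, ()),
              (site_b, "192.0.2.20", 80, ()),           # hypothetical second LAN host
              ("198.51.100.7", HOST, 80, STALE_BOGONS)]  # source inside stale bogons
    for src, dst, port, bogons in checks:
        print(src, "->", dst, port, evaluate(src, dst, "tcp", port, bogons))
```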

rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #6 on: November 08, 2011, 06:41:56 am »
Both of my Firewalls are 1.2.3.  Do I need to update them both?

podilarius
Re: Troubles connecting between two separate pfsense firewalls
« Reply #7 on: November 08, 2011, 07:09:41 am »
> Both of my Firewalls are 1.2.3.  Do I need to update them both?

Yes.

rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #8 on: November 08, 2011, 08:11:50 am »
I have now upgraded both of my Firewalls to the latest version 2.0.  I am still not able to get to the devices behind Firewall A from behind Firewall B.

Mike G
Re: Troubles connecting between two separate pfsense firewalls
« Reply #9 on: November 08, 2011, 09:38:50 am »
I'm trying to accomplish the same thing, can't.  Here's what I did, what worked, and what did not work. That might help you, and might help people help you (and, think of it, it might help me too!)

- I set up a Linux server at some hosted place with a route that basically says:  192.168.1.0/24 via 55.55.55.55 (the public IP of pfSense B)
- configured pfSense to accept all connections from that Linux server

I can ping 192.168.1.x from that server, which is on a totally separate network! Everything works fine.

Now, I have another pfSense (call it pfSense A). I want, from that pfSense diagnostic "ping" screen, to be able to ping 192.168.1.x. I can't. I can't set up a route, because the route needs a gateway, and that gateway, when being created, needs to be on the same subnet as my pfSense A public IP (which isn't 55.55.55.xx)

Is this what you are trying to do too?


rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #10 on: November 08, 2011, 11:52:03 am »
Yes this is what I am trying to do.


From Firewall B I am able to get to the WAN IP of Firewall A but nothing further...

I have now set up a server behind Firewall B.  I am able to get to it from anywhere, including from behind Firewall A....

Mike G
Re: Troubles connecting between two separate pfsense firewalls
« Reply #11 on: November 08, 2011, 12:05:33 pm »
Then haven't you accomplished what you want? (please tell me how you did this?)

Or is this just through port forwarding?

rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #12 on: November 08, 2011, 12:10:20 pm »
Firewall A has public IPs on both inside and outside interfaces.  I have rules set up for each of the systems on the LAN side for HTTP, SSH, etc.  Firewall B is a "typical" router in that it is set up with a Public IP on the WAN and Private IPs on the LAN.  I do have multiple Public IPs that I am just port forwarding on Firewall B, in this case to HTTP and SSH.

cmb (Administrator, Chris Buechler)
Re: Troubles connecting between two separate pfsense firewalls
« Reply #13 on: November 08, 2011, 03:42:54 pm »
Rules need to be on WAN to allow traffic in from the Internet, not LAN. I suspect your rules aren't permitting the traffic. Are you seeing it getting blocked in the firewall log?

rbishop
Re: Troubles connecting between two separate pfsense firewalls
« Reply #14 on: November 08, 2011, 03:44:47 pm »
CMB, sorry, I do have the rules set up on the WAN interface.