Author Topic: Forwarding traffic to IPSEC ?  (Read 1147 times)

Guldil
Forwarding traffic to IPSEC ?
« on: March 07, 2012, 03:00:44 am »
Hi,

I have a "simple" problem.

I have one pfSense box with a dynamic IP & ADSL. I can't get more public IPs from my ISP, but I have to open two SSL websites.
So I built another pfSense box in a datacenter with 2 public IPs.
I created an IPsec tunnel between the pfSense boxes; it's working.

Pfsense Box 1 : DHCP for WAN / 192.168.1.254 LAN Net
Pfsense Box 2 : WAN IP / 192.168.201.222 + 1 virtual IP

From pfSense box 2, I can ping 192.168.1.6

Now I just want to redirect the virtual IP to 192.168.1.6 ...

Is this possible?

I tried NAT (port 80), I tried 1:1, nothing is working...

Thanks

Guldil


marcelloc
Re: Forwarding traffic to IPSEC ?
« Reply #1 on: March 07, 2012, 05:22:34 am »
I think the problem is that the web server's default gateway sends traffic back directly to the client's public IP, to the internet.

If you can do outbound NAT on the firewall to translate the client IP to the firewall IP (192.168.1.254), then the server can send traffic back to the correct link.

Guldil
Re: Forwarding traffic to IPSEC ?
« Reply #2 on: March 07, 2012, 09:34:04 am »
No, it's not working... I have an error in the firewall from pfSense box 1, traffic from a client to 192.168.1.6:80 "blocked" ...
I created a rule to pass, same result.

marcelloc
Re: Forwarding traffic to IPSEC ?
« Reply #3 on: March 07, 2012, 10:25:56 am »
Can you monitor traffic on the console or via the web GUI to see what is happening to the packet traffic?

Guldil
Re: Forwarding traffic to IPSEC ?
« Reply #4 on: March 08, 2012, 03:41:02 am »
I moved to a GRE tunnel over IPsec.

Now I have one more interface on pfSense and I can ping the remote side with it from the GUI.
I left the GRE interface on "none", I added a gateway for GRE and added a route for the remote LAN subnet.

From pfSense box 2 (192.168.201.222), I can ping my web server 192.168.1.6 and from pfSense box 1 (192.168.1.254), I can ping pfSense box 1 (192.168.201.222).
I can ping with the GRE IP address (172.31.2.10).

But from the server behind pfSense, I can't ping the remote side?

It's a problem with outbound NAT maybe?