I'm trying to figure out how to get 192.168.0.22 to properly ping/be able to transfer files with 192.168.77.10. Firstly, is this a dumb setup? I'm mainly using it right now just for educational purposes, such as this question I'm asking now.
I am able to ping the firewall's LAN address 192.168.77.254 from 192.168.0.22 and when I traceroute from 0.22 to 77.10 I get it to show 192.168.0.254 but then it gets lost from there.
I've tried setting up liberal allow rules on both LAN and WAN interfaces and a 1:1 NAT as well with no luck. Any advice on what I am doing wrong?
UPDATE (adding static route image on 192.168.0.1 router and traceroute from 192.168.0.22 to 192.168.77.10 firewall logs)
2 Answers
As mentioned in my comment, you will need to disable outbound NAT, otherwise the replies from backup drives won't be recognized as replies by MediaServer as their source IP address will become 192.168.0.254, which differs from the original traffic's destination address 192.168.77.10 (because destination NAT a.k.a. port forwarding was not involved). Both manual and disable should work:
But apart from that, you will also need to configure the firewall a bit. You can either simply disable the firewall entirely:
which would also disable outbound NAT (so the first step can be skipped if you opt for this);
Or, you can add a WAN firewall rule. For example:
Note that because the WAN side subnet in your case is a private one, you must additionally disable "Block private networks" if you choose to add an exception/pass rule only:
For the record, ideally speaking it would be best to have the route 192.168.77.0/24 via 192.168.0.254 configured on the 192.168.0.0/24 hosts, so that the communication in question will be symmetric and will not involve Router at all. (Well, I mean the router part of Router; certainly the switch part of it is always involved.) Other than configuring that manually on every host, replacing the DHCP server on Router with a more customizable one that allows you to configure additional route(s) to push is another option.
For example, you can configure pfSense to host a WAN-side DHCP server (I assume it is capable of what I just mentioned). But certainly the process to set that up is most likely troublesome.
P.S. The test / showcase was done with OPNsense here but I don't suppose it differs a lot from pfSense. The bottom line is, the ideas apply anyway.
Your media-server will dumbly forward any traffic outside 192.168.0.0/24 to its default gateway (which is 192.168.0.1) and trust that gateway to forward it any further.
Do you have a static route set up on 192.168.0.1 to tell it that 192.168.77.0/24 is reachable via gateway 192.168.0.254?
Please bear in mind that even though 192.168.0.1 can directly see 192.168.0.254 it will have no idea what is BEHIND that pfSense node. The static route will give it that information.
If you can't add a route to 192.168.0.1 itself you will need to set up that route on each device that needs to reach 192.168.77.0/24 (like the mediaserver).
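Added example, not part of either answer: a small Python model of the routing decisions both answers describe, showing where the packet goes with no static route, with the route on 192.168.0.1, and with the route on the host itself. The addresses are from the thread; the table layout, the "ISP" placeholder, pfSense's default gateway being 192.168.0.1, and all function names are assumptions.

```python
import ipaddress

# Addresses are from the thread; the table layout, the "ISP" placeholder and
# all function names are assumptions made for this example.
LAN = ipaddress.ip_network("192.168.0.0/24")
BACKUP = ipaddress.ip_network("192.168.77.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ROUTER, PFSENSE = "192.168.0.1", "192.168.0.254"
MEDIA, DRIVE = "192.168.0.22", "192.168.77.10"

def next_hop(table, dst):
    """Longest-prefix match: return the gateway, or dst itself if on-link."""
    addr = ipaddress.ip_address(dst)
    _, gw = max((r for r in table if addr in r[0]), key=lambda r: r[0].prefixlen)
    return gw or dst

def tables(route_on_router=False, route_on_host=False):
    """Routing tables of the three layer-3 devices on 192.168.0.0/24."""
    t = {
        MEDIA: [(LAN, None), (DEFAULT, ROUTER)],
        ROUTER: [(LAN, None), (DEFAULT, "ISP")],
        # Assumed: pfSense WAN uses the router as its default gateway.
        PFSENSE: [(LAN, None), (BACKUP, None), (DEFAULT, ROUTER)],
    }
    if route_on_router:   # static route on 192.168.0.1
        t[ROUTER].append((BACKUP, PFSENSE))
    if route_on_host:     # route configured on the media server itself
        t[MEDIA].append((BACKUP, PFSENSE))
    return t

def path(t, src, dst):
    """Follow next hops from src until dst, or until a hop we do not model."""
    hops, node = [], src
    while node != dst and node in t:
        node = next_hop(t[node], dst)
        hops.append(node)
    return hops

if __name__ == "__main__":
    for label, t in [("no static route", tables()),
                     ("route on router", tables(route_on_router=True)),
                     ("route on host", tables(route_on_host=True))]:
        print(label)
        print("  request:", " -> ".join([MEDIA] + path(t, MEDIA, DRIVE)))
        # The reply is routed by pfSense, which sees 192.168.0.22 as on-link.
        print("  reply:  ", " -> ".join([PFSENSE] + path(t, PFSENSE, MEDIA)))
```

With the route only on the router, the request crosses 192.168.0.1 but the reply goes straight from pfSense to the media server, which is the asymmetry the first answer mentions; with the route on the host, both directions skip the router.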