This discussion has been locked.

Port forward double nat

Hello everyone,

I'm contacting you because I've run into a problem that has been driving me crazy for a few days. Here is my network diagram:

My problem is that I can't get port forwarding to work from my VPN connection to the LAN 192.168.10.0/24.

I can redirect outbound traffic from my NAS to the VPN.

But I can't get inbound traffic from the VPN connection to the NAS.

I've already gone over my configuration every which way and I can't see where the problem is.

 

 



This thread was automatically locked due to age.
  • Hello ,

    It does seem you have connected your VPN between the XG and the pfSense router using a site-to-site connection. Now, from the remote end you must have connected to pfSense via VPN, so the DNAT rule would not work. You can access the NAS drive while creating a rule from VPN to LAN on the firewall, and make sure that your NAS network is added in both VPN profiles.

  • Hello @aditya patel 

    It's possible that my schema is not clear enough.
    My Sophos XG and pfSense are not connected via VPN but in LAN.
    The VPN link is only between the pfSense and my VPN provider (this link is in OpenVPN).

  • Hello ,

    Now the scenario makes sense. Why do you need to DNAT the traffic when the firewall is connected to pfSense via LAN? You could simply create a LAN to LAN rule to allow it and conduct SMB or AFP to that NAS drive. Obviously you would need to connect with the private IP address rather than using a public one. It does seem you have created a DNAT between the WAN and LAN zones, but you are directly connected to LAN from pfSense.

  • Hello and thank you for the answer

    I need this configuration for P2P traffic
    Because only the P2P traffic (outgoing and incoming) must go through the link between the Sophos XG and the pfSense.
    The rest of the traffic must go through my supplier.

    Outgoing traffic does not pose any problem.
    It's mainly the incoming traffic that poses me problems.

    The Sophos XG does not manage OpenVPN, so I have some cunning.
    But maybe I have complicated my life and there is a simpler solution, I'm interested

  • Hello ,

    Do you intend the incoming traffic via VPN ISP > pfSense > P2P link > XG > NAS? Or do you wish the traffic to reach from ISP Orange > Livebox > XG > NAS?

    Both of the options would work differently. If you choose ISP Orange > Livebox > XG > NAS, then you can simply create a DNAT rule on your Livebox and map it with the Sophos XG WAN interface, and a Business Application DNAT rule on the XG to map with the NAS drive.

    As for the 1st option, the DNAT rule will not be needed, as you can directly connect to the NAS drive when connected to the pfSense network via the P2P link. It does seem you have set up a VPN router so it would work with an OpenVPN server. On the other end, how many clients connect to this NAS drive? Also, have you considered using an IPsec connection to the XG firewall instead?