Pfsense assistance

[mike156]

I have a device with a public IP assigned to it, I am playing around with Pfsense and i'm not sure how to go about getting traffic through the pfsense firewall to this device, being able to place it into a DMZ type of setup would be good.

Setup is as follows:

Internet-->
Mikrotik wireless-->192.168.1.1
Pfsense WAN-->192.168.1.2
PFsense LAN-->192.168.0.1
Public IP Device-->41.79.XXX.XXX

If I have left anything out please let me know, any assistance would be appreciated.

 

[gfmalan]

what kind of device is it? if it is a static dsl service or fibre connection you need to connect it to the WAN side of the f/w, if you would like to connect the Mikrotik as another source/internet/network, then you need to add another adaptor(network card) and connect it to the f/w.

If the device you are referring to is a camera/phone/server of some sort, then you need to put it on the DMZ/LAN side and use rules to point traffic from say wan2 to lan or wan to dmz etc.

Maybe start by telling what the device is, then over which medium do you want to connect it to the WAN side?! (DSL/Fibre/WiFi/3G etc)

please PM me if I need to answer quickly

 

[DrJohnZoidberg]

Think you'll have to be more specific

 

[mike156]

here goes.

The mikrotik is used for WAN connection from our ISP. I have no access to this device.

The public IP is used on the office CCTV DVR because port forwarding is not possible according to our ISP.

 

[gfmalan]

Ok, for this to work you need 3 things to happen,
Fixed IP, correct gateway address, and port numbers used on DVR
Port numbers forwarded on PFSense,
Static Public IP address assigned to you

Can I assume the DVR were connected and working before the PFSense box?
If so, then what was the ip of the DVR? 192.168.1.2? If not and say it was 192.168.1.100 with subnet 255.255.255.0 and gateway 192.168.1.1 then you must make your WAN address on PFSense also that.
If your DVR had a 41.x address then it change the picture allot.

Say it never worked, then you must decide on IP range for the WAN an LAN environments, or you need to stick with the one you have now. Then you ask your isp to forward all traffic for The 41 address to the 192.168.1.2 address. (Or what ever the WAN adaptor address is)

What this will do is if you are on the outside, and you hit that ip (41.x) then it will connect you to the WAN adaptor of the PFSense box.

So the next step is to determine what ports you use on the DVR, some use 80 (if you open the cameras in normal web browser, or some use 8000, or a custom port.

Then put your DVR on static address on the LAN, And the gateway must by the LAN adaptor on your PFSense box, so excluded this ip from DHCP, or put it on reservation on DHCP, any way that suit you so long the ip stay the same, like 192.168.0.40 255.255.255.0 192.168.0.1

Then on the firewall rules/port forward section on PFSense, you must add a rule to forward the port like 8000 or 80 from the WAN adaptor to LAN, and then the selected IP (192.168.0.40)

Then you've created a route from the 41 address to
PFSense, and to the DVR, and if the gateway address is correct on DVR, the traffic will return to PFSense, and if PFSense is correct, It will return to your device on the internet (tablet/phone/notebook)

If the DVR was on a 41.x address, it mean that the isp gave you a static ip, and that they programed the Mikrotik to have 2 IP's.b192 and 41.

So you can still connect you DVR on the LAN as described! But make the WAN address the old 41 address of the DVR, you'll find that the subnet would be different like 255.255.255.248 Make sure to specify that and the correct gateway on the WAN adaptor. Same port forwarding rules would apply on PFSense

Again you're welcome to PM me