
Configure port forwarding for PFSSL HA cluster

Roofeh
Junior Member
11
02-09-2025, 09:13 PM
#1
Hi everyone, I've been working on the home lab setup and this test configuration has presented a few challenges I've managed to resolve. For port forwarding to my main server, I set up a DMZ forwarder on the 4G modem and directed the pfSense gateway to the virtual WAN IP 172.168.0.20. I assigned the two-node cluster's virtual IP to that same address, but noticed it wasn't receiving a DHCP lease. At the moment, I'm using static mappings instead.

Whenever I configure outbound rules pointing to the WAN IP 20, the web service goes down until I adjust things—then the LAN side appears as 192.168.10.1 and shows up as the default gateway. Each cluster startup triggers an error stating that the interface for 192.168.10.1 doesn't exist, so it skips that VIP. It functions normally for regular use, but I haven't addressed port forwarding yet.

My questions are: Are my virtual IPs correct? Does my virtual LAN actually get a DHCP lease? Is my outbound rule configuration incorrect? I know double or triple-nesting can be tricky, so I'm not sure if that's the issue.