I have two lab servers, both in the 172.16.1.1/24 range. One is being used as a NAS while the other is being used as a hypervisor. The ESXi server contains the pfsense firewall with VMs in the 192.168.1.1/24 range. The VMs are unable to access the NAS. What settings do I need to modify in pfsense so the VMs on 192.168.1.1/24 can hit the NAS at 172.16.1.2?
NAS - 172.16.1.2
ESXi - 172.16.1.3
pfsense lab firewall WAN on ESXi - 172.16.1.4
VM LAN behind pfsense - 192.168.1.1/24
Routing NAS traffic via a firewall is less than ideal, but should work as long as pfsense is routing traffic.
Definitely not ideal, but the only option I have.
I can ping the NAS from behind pfsense, but I can’t hit the website or access the SMB share. I can only access the share or webpage from the 172.16 network. I’m using TrueNAS, which does not have a local firewall that could be preventing access (that I’m aware of).
Worth checking the firewall logs to see what’s blocked, check for ports 445 (SMB) and 443 (HTTPS).
To confirm, it looks more / less like this?
Yes, that’s basically the design. Where would I check the firewall rules? Nothing is being blocked outbound via pfsense.
Check the documentation out here: System Monitoring — Viewing the Firewall Log | pfSense Documentation
Also worth running a traceroute from both ends to make sure routing works as expected and TrueNAS has a route to the lab VM network.
Thanks for the reply, I got it working. It ended up being an issue where I just needed to create a firewall rule to send that destination out the default gateway rather than the “WAN” interface.
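The log check suggested in the thread (look for ports 445 and 443) can be scripted. The following is an added example, not part of the original posts: it filters pfSense raw filter log lines for lab-VM-to-NAS traffic on those ports. The CSV field positions are an assumption based on the documented raw filter log layout for IPv4, and the sample lines, hostname and interface name are constructed.

```python
import ipaddress

# Assumed CSV positions in a pfSense raw filter log entry (IPv4).
IFACE, ACTION, IPVER, PROTO, SRC, DST, DPORT = 4, 6, 8, 16, 18, 19, 21

LAB_NET = ipaddress.ip_network("192.168.1.0/24")  # VM LAN from the thread
NAS = ipaddress.ip_address("172.16.1.2")          # NAS from the thread
WATCH_PORTS = {445, 443}                          # SMB, HTTPS

# Constructed sample log lines (hostname, interface name and PIDs are made up).
SAMPLE_LOG = """\
Jan 10 10:00:01 fw filterlog[311]: 5,,,1000000103,vmx1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,172.16.1.2,51234,445,0,S,1,,64240,,mss
Jan 10 10:00:02 fw filterlog[311]: 9,,,1700000001,vmx1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,172.16.1.2,51240,443,0,S,2,,64240,,mss
Jan 10 10:00:03 fw filterlog[311]: 9,,,1700000001,vmx1,match,pass,in,4,0x0,,64,0,0,DF,1,icmp,84,192.168.1.10,172.16.1.2,request,7,1
Jan 10 10:00:04 fw filterlog[311]: 5,,,1000000103,vmx1,match,block,in,4,0x0,,64,0,0,DF,17,udp,71,192.168.1.11,8.8.8.8,40000,53,51
Jan 10 10:00:05 fw sshd[900]: Accepted publickey for admin
Jan 10 10:00:06 fw filterlog[311]: 5,,,1000000103,vmx1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.12,172.16.1.2,51300,443,0,S,3,,64240,,mss
"""

def parse_entry(line):
    """Return a dict for an IPv4 TCP/UDP filterlog line, else None."""
    _, sep, payload = line.partition("filterlog")
    if not sep or ": " not in payload:
        return None
    f = payload.split(": ", 1)[1].strip().split(",")
    if len(f) <= DPORT or f[IPVER] != "4" or f[PROTO] not in ("tcp", "udp"):
        return None  # ICMP and IPv6 entries carry other fields at these positions
    return {"iface": f[IFACE], "action": f[ACTION], "proto": f[PROTO],
            "src": ipaddress.ip_address(f[SRC]),
            "dst": ipaddress.ip_address(f[DST]), "dport": int(f[DPORT])}

def nas_entries(log_text):
    """Entries for lab VM -> NAS traffic on the watched ports."""
    hits = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and e["src"] in LAB_NET and e["dst"] == NAS and e["dport"] in WATCH_PORTS:
            hits.append((e["action"], str(e["src"]), e["dport"], e["iface"]))
    return hits

def blocked_ports(log_text):
    """Watched NAS ports that had at least one block entry."""
    return sorted({p for a, _, p, _ in nas_entries(log_text) if a == "block"})

if __name__ == "__main__":
    for hit in nas_entries(SAMPLE_LOG):
        print(*hit)
    print("blocked ports:", blocked_ports(SAMPLE_LOG))
```

If the matching entries all show `pass` and the connection still fails, the filter rules are not what is dropping the traffic, and the traceroute check from the thread is the next step.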