
Before I had this setup:

LAN: 192.168.1.0/24 (GW/router: 192.168.1.1) -> router 192.168.1.111 -> LAN2: 192.168.88.0/24

First router/GW pfSense box, second router Mikrotik (with firewall etc.).

To access e.g. the host 192.168.88.10:22, I had a port forward on the Mikrotik 192.168.1.111:30022 -> 192.168.88.10:22 so I could do this:

ssh -p30022 192.168.1.111

This was working fine.

New setup:

The purpose is to directly access hosts in LAN2 from LAN, to avoid having to manually forward a large number of ports.

Recipe:

Set a static route on the pfSense box: 192.168.88.0/24 -> 192.168.1.111

On the Mikrotik add to the firewall: [image]

(where bridge consists of this router's internal interfaces, i.e. 192.168.88.0/24)

This appears to work well, i.e. http connections and ssh connections can be opened on hosts like 192.168.88.10 from the LAN.

However, ssh connections consistently hang after about 30-40 s. This is not a normal timeout (it works normally with port-forwards), so it must be related to routing/firewall.

I tested with:

❯ ssh 192.168.88.10 sh -c 'T=0; while [ 1 ]; do echo "Connected ${T} s"; T=$((${T} + 1)); sleep 1; done'
Connected  s
Connected 1 s
Connected 2 s
...
Connected 33 s

(then it hangs)

From hosts on the .88.0 subnet I can access the internet and hosts on LAN fine, since I have the gateway for this subnet set to 192.168.1.1 (the pfSense box, which is my external router as well).

Any ideas?

EDIT: still no solution (after 1 month)...

ppenguin

0 Answers