I have a pfSense firewall/router that is exposing some services to my public IP. This is working fine, as long as the service is on the primary LAN subnet (`192.168.1.0/24`), let's call it LAN-A. E.g. this works:

`public_ip:443 -> pfSense (NAT) -> 192.168.1.20:5443 (reverse proxy)`

I additionally have a second LAN, `192.168.88.0/24`, let's call it LAN-B, that is behind a Mikrotik router on `192.168.1.111`. In pfSense I have a static route for the network `192.168.88.0/24` specifying `192.168.1.111` as the gateway for it.

From LAN-A I can now connect to hosts in LAN-B, e.g. `192.168.88.10`, transparently, the same as to hosts in LAN-A (apart from a strange issue with ssh mentioned here, still unsolved). (Hosts on LAN-B can also connect to the internet normally, because the Mikrotik router specifies the pfSense box on `192.168.1.1` as the gateway to its clients.)

So far so good. But now I want to expose a service on LAN-B, say `192.168.88.10:10000`, via NAT on my external IP. So I do the same as usual:

`public_ip:10000 -> pfSense (NAT+Rule) -> 192.168.88.10:10000`

This, however, doesn't work (and `nmap` from outside shows the port as `filtered`, whereas within the LAN it is `open`). So it seems that the NAT logic doesn't know about my static route?

It seems somehow logical, because the static route "lives" in the scope of my local interface (`LANBRIDGE`) of pfSense, and the firewall (NAT) sits between `WAN` and `LANBRIDGE`, so it probably doesn't know that the connection to `192.168.88.0/24` goes through `192.168.1.111`. But how do I make this work?