Reverse shell from behind NAT and Firewall


I am new here so I apologize for not providing complete details. Let me explain you the problem now. I was working on Ganana 1 CTF challenge. To up the challenge, I decided to place this CTF machine behind a router. My entire LAB is on Vmware. For this scenario, I used three virtual machines : Kali, Ipfire and Ganana 1 CTF machine.

Kali Linux is my attacker machine which received its IP from VMWARE NAT (192.168.44.5).

Ipfire is installed as a router cum firewall with RED + GREEN configuration. The RED (external) interface received its IP address (192.168.44.3) from Vmware NAT and for the GREEN interface IPfire acts as a DHCP server (192.168.33.1).

Now, I connected Ganana CTF machine to the GREEN interface of the IPfire. It’s IP address is 192.168.33.11.

The GREEN interface is allowed to have internet. Now, when I port scanned the Ganana CTF machine from my kali, port 80can be accessed. As part of the challenge, I got access to the wordpress installation on the target machine. It is here I decided to edit 404.php page to change the code to that of php reverse shell by pentest monkey. I configured it to connect to my attacker machines’ IP address (192.168.44.5) port 1234. But the reverse shell is not working. However, when kali and Ganana 1 are placed on the same network (NAT) the shell is working.

What is the mistake I am making?