So post your routing table, please. Diagnotic > Routes

Why would you not just use that as an AP..I am not aware of the native firmware being able to turn of natting and just route.. If you did that then your 192.168.150 would have to be a transit network or your going to run into asymmetrical routing issues.

Your better option here would be to just have it be an AP, and then hang that 192.168.20 right off pfsense.

In your current setup you would just setup port forwarding on that soho wifi router and then hit the 192.168.150.11 IP to get forwarded to what you want to use behind it.

You are right! I have overseen a mistake in VLAN configuration on the esxi host. This was the problem. pfsense is working in the described configuration.

Thank you for your support.

@mrpijey said in Routing LAN networks:

went on for so long without a single clear answer of how to setup pfSense to allow traffic between networks.

As already stated there is NOTHING to do for routing.. NOTHING!!!! I mean ANY router that has directly attached interfaces will know how to route between them.. PERIOD!! The only time you would have to add routing info would be if you have specific upstream networks that need to go somewhere different than your default router, or you have downstream networks via a transit network.

Your also running a firewall - so yes you will have to create a firewall rule to allow the traffic. Pfsense only put default any any rule on your lan, any other interfaces you create will have zero rules out of the box.

Your thread turned into asking about vlans and hyper-v.

You were told less than 30minutes after your post that you would have to create firewall rules to allow traffic between interfaces.

A lot of ISPs run private networks that route public addresses to their customers. My WAN IP is 209.x.y.z and my upstream is also on 209.x.y.z-1, but it all connects to a 10.230.0.0 network.

Port forward rules for the inbound connections. Outbound NAT for the outgoing connections. It works.

@dragoangel said in Routing to another subnet off WAN interface:

Why not configure IKEv2 site-to-site IPsec? It easy 5 minute job Karl!

As the traffic is still on our network we didn't need the encryption/overhead of the VPN (traffic could be ~500 Mb/s). I did consider just a tunnel if I couldn't get the routing to work but have now got it sorted as above.

hehehe - yeah thats is what I figured ;)

There are methods available that let you do this such as MLPPP which pfsense can do.. (if your connection uses pppoe and your ISP is on board) and other bonding type services.. But it takes cooperation by your ISP and special equipment if you are not pppoe.

https://forum.netgate.com/topic/143156/is-dual-wan-possible-maybe-with-aggregation

It's an upstream issue in FreeBSD, so we do not know.

@johnpoz Im using he about 2 years with multi wan in office. Im ok with it, but native is little quicker. This case is data center. I want provide my services over ipv6 too. And i don't need many /64 due there is will be not much networks (lan and vpn thats all). I read about npd proxy before when have "luck" to configure ovh servers and end up too use he.net. this another dc and hope I can explain that their ipv6 networking work only for one dedicated server and not for dedicated l2 segment with routed gateway... Thanks

https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html#weight

no_wan_egress is your Google/pfSense search topic of the moment... or have a look at @Derelict's signature.

@Auguste / @Tehzie223

Should I use a DMZ based on public or private IP addresses?

If you want your servers in your DMZ be accessible via either WAN1 or WAN2, you have to do one of two things:

a) if you have more than 1 IP for your WAN1/2 setup - say a /29 or bigger network segment - assign your server an address from both pools and setup it's DNS name with both IPs as A records. That would be DNS round-robin as you can't exactly steer which IP the client would take to resolve the DNS and access the client

or more likely use

b) assign your DMZ a RFC1918 private IP range not used anywhere else. Then setup port forwardings on the public IPs you want that server to respond to on both WAN1/WAN2 to that private IP on the DMZ. As pf NAT rules will automatically add "reply-to" cases to the rules, your traffic will go the way it came in, so if you access the service via a.b.c.d via WAN1 you'll get the answer pakets back through WAN1 to your client. If you access it via x.y.z.a via WAN2 it will work, too.

With b) you can access it via IPs on either WAN1/2 at any time. Calling it via DNS name, you could either use a single name with both IPs as A records and have the same round-robin as in a) above or use multiple DNS names, say "myservice-1.domain.tld" and "myservice-2.domain.tld" to and link those two names to wan1/wan2 address and use it accordingly.

Also we try to switch off all offloading we can find. It doesn't help. Still broken checksums.

I was hoping to setup a blocking rule for everyone but the CCTV recorder for WAN1, but I'll have a look at traffic shaping and see what I can do there.

Thank you for your help.

@pponce said in Multicast Routing:

ip_mroute.ko

https://redmine.pfsense.org/issues/9631

JimP closed this particular redmine with the comment that a pimd package would be the way to go. Maybe a bounty in order??

Anyone have a copy of ip_mroute they can give me for 2.4.4? (freebsd v 11.2) or 2.5 (12)

Edit- ip_mroute is actually in the pimd package contents. Though it is from 2012..

@BarryVereijssen said in Switching from KPN PPPoE to IPoE:

@wickeren I have the same issue (also KPN zakelijk) did you find a solid solution? I have an all Unifi setup (USG Pro as router) and want implement this IPoE too.

This forum is about Pfsense, not about Ubiquiti. Doesn’t have one too so can’t help...