• Multi WAN setup with DSL Router on LAN(VIP)

    1
    0 Votes
    1 Posts
    278 Views
    No one has replied
  • Dual WAN/Multi WAN

    1
    0 Votes
    1 Posts
    400 Views
    No one has replied
  • Meaning of "Default" Gateway

    3
    0 Votes
    3 Posts
    629 Views
    W

    Thank you very much for a very clear answer.

    Cheers

  • HUAWEI E3372 as WAN failover

    1
    0 Votes
    1 Posts
    343 Views
    No one has replied
  • Routing using a managed HPE Switch

    9
    0 Votes
    9 Posts
    741 Views
    M

    What? Does that have to do with anything?  Outbound nat has zero to do with access to other segments.. Pfsense doesn't even nat between networks on the lan side.  It only would nat between a lan side interface and a wan (one with gateway set on it directly)..
    I attach my outbound nat rules so that you can figure it out.. even if comments are in italian :-)
    192.168.10.0/24 is a subnet leading via an Ubiquiti Antenna to my house. To let this have access to the OpenVPN via the pfbox i had to create that rule.. otherwise… no result...
    192.168.4.0/24 is another subnet under which i have a couple of machines that need access to the VPN as well.. so i natted it...

    You cold have 100's of vlans on your switch.. .Doesn't make it layer 3 routing… Did you set a SVI (Switched Virtual Interface) on these vlans? Ie set an IP address on these vlans?
    I set 2 different virtual interfaces on the respective Vlans and gave them IP address, ending .1 for each subnet.

    I imagined that natting was not the top, but creating the firewall rules for each interface was not enough to allow traffic, for example, from "madhouse" to "openvpn".
    And actually, from the other end of the vpn i cant access "madhouse"…
    the vpn tunnels in 192.168.30.0/24, and the subnet on the other hand is 192.168.0.0/24, so not conflicting with any other of the interfaces...

    NAT.png
    NAT.png_thumb

  • Multi Lan setup do not work properly.

    7
    0 Votes
    7 Posts
    537 Views
    J

    Thanks.
    I will give it a try  :)

  • Multi-WAN, High Availability, policy routing. Failover breaks connections

    28
    0 Votes
    28 Posts
    5k Views
    Z

    Thank you for your reply, I really appreciate.

    I've double/triple checked and the pfsense/os interface names are following on both nodes:
    WAN: vmx0 (WAN1)
    LAN: vmx2 (LAN)
    OPT1: vmx1 (WAN2)
    OPT2: vmx3 (SYNC)
    OPT3: vmx4 (DMZ) not used yet

    edit: LAN and WAN2 description swapped.

  • 0 Votes
    3 Posts
    3k Views
    J

    Faced the same issue. Can't avoid using gateway switching since pfsense itself will not be able to reach Internet in this case. Any suggestions?

  • Unable to access a host on another subnet but can from pfSense [SOLVED]

    33
    0 Votes
    33 Posts
    4k Views
    L

    Thanks for the info and all the help. Cheers. 8)

  • Two ISP connections and a wireless bridge, probably with VLANs

    1
    0 Votes
    1 Posts
    246 Views
    No one has replied
  • Routing with multiple gateways on a single WAN intarface

    15
    0 Votes
    15 Posts
    993 Views
    E

    That would be great. Might see if I can spin up a test setup & see what happens.

  • Routing between PFSense and second router ???

    22
    0 Votes
    22 Posts
    4k Views
    C

    Thank you!  :D

    Your help will always be appreciated here, at least by me anyway!

    I'm happy to share anytime! I'm one of the odd-balls that is doing everything with actual hardware and NO Virtualization…

    I hear ya; learning new information all the time! However this is all new to me and this community has been absolutely crucial!

    I'm the type of person that simply loves to learn something new anytime or even all the time!  :D

    Good luck to you as well in your endeavors!

  • Cant get VLAN to work

    1
    0 Votes
    1 Posts
    315 Views
    No one has replied
  • Masquerading/Seperating Seperate LAN's

    1
    0 Votes
    1 Posts
    243 Views
    No one has replied
  • All WANs down at the same time

    1
    0 Votes
    1 Posts
    310 Views
    No one has replied
  • Multi-WAN keeps UDP state too long for IAX2 / port 4569

    3
    0 Votes
    3 Posts
    403 Views
    C

    Should this be listed as a bug, or is this an intended feature?  If UDP maintains state longer than the default timeout, it seems like a bug.

  • Split Routing over WAN and VPN [gui bug]

    6
    0 Votes
    6 Posts
    697 Views
    4

    what a bumber…... imported 2006 networks, have discovered i need to add a new one but there is a gui bug.

    Have tried to add via Edge and Firefox on Windows and Linux, but experience the following;

    page load time is long when adding the network, is takes a while to respond and firefox gives "a webserver is slowing down your browser" page refreshes and the new network is not added

    The work around was to add the new address to the import list in excel, and create a new alias from scratch.

  • Routing LAN VLAN to to WAN VLAN

    8
    0 Votes
    8 Posts
    3k Views
    DerelictD

    When I changed the oubound nat rule from using the WLWAN to the WAN interface, it started working.

    That is because that is how it works. No mystery here. Outbound NAT on the WLWAN interface NATs traffic going out WLWAN, not WAN.

    Outbound NAT does zero to affect what traffic is routed where. It only defines what translations take place when traffic flows out that interface.

  • 10gb routing not even close

    5
    0 Votes
    5 Posts
    5k Views
    D

    moved to https://forum.pfsense.org/index.php?topic=139588.0

  • CARP Secondary Unreachable Over VPN

    2
    0 Votes
    2 Posts
    357 Views
    V

    The rule should be active on both, so you can also access FW1 while FW2 is master. However, since you will have activated NAT rule sync in System > High Availability Sync you only need to set it on FW1 and must set up a rule, which can work on both.

    Assuming you want to access your firewall by their LAN IPs:
    First add an alias for both LAN IPs, the master and backup. Firewall > Aliases > IP. Call it e.g. FW1_2_LAN.
    Go to Firewall > NAT > Outbound. If the Outbound NAT Mode is set to Automatic check "Hybrid Outbound NAT rule generation" and hit Save below.
    Then add a new rule:
    Interface: LAN
    Protocol: TCP
    Source: <vpn tunnel="" subnet="">Destination: "Network" and enter "FW1_2_LAN" (the alias you've added first)
    Translation Address: Interface address
    Save the rule.

    Now source addresses of outgoing packets leaving the masters LAN interface destined for the backups LAN are translated to the masters LAN address, so the backup sends its responses back to the master and they are directed back to the VPN client. This also works reverse on the other firewall while it's the master and the vpn client is connected to it.</vpn>

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.