@popquiz so with your any rule on lan.. There should be no reason you should not be able to talk to anything on opt2 no matter what the IP is.

Your saying from device on lan you can ping opt2 pfsense address 204.150.150.145?

But you can not ping a device on this network, say .146

Can pfsense itself ping this .146 address?

If so I would suggest a sniff - from your lan device get a ping going to the .146 address, do you see pfsense sending that out on opt2?

You can do a simple packet capture under the diagnostic menu, on the opt2 interface. If you see traffic going out the opt2 interface.. But no response - that points to this opt2 device not pointing to pfsense .145 address as its gateway. Or it is running a firewall.

@lfred yeah in the data sheet they use the term "Layer 2+/Lite L3 features"

If you would of just used it as L2 and done routing on pfsense between your vlans/networks you would of had far less trouble..

Routing at the switch level is almost never needed in any sort of home setup.. Unless what you have doing your routing is not really capable of routing at wirespeed.. And you really want some devices on their own vlans. But your really going to have way less ability to actually firewall between these segments. Even with a fully managed L3 switch, I have one the ability to limit traffic between these vlans is difficult and convoluted.

If you want to try vlans again - there are many entry level smart switches that can do vlans in the $40 price range.. which prob way less than that netgear you had.

It seems like this problem is still with pfsense. Any improvements on this issue?

@atari
It just seems to be disabled.

Simply point the mouse over the check mark next to the trash at the right side and click to re-enable it.

@kasproso
https://docs.netgate.com/pfsense/en/latest/nat/1-1.html#nat

NAT 1:1 does network address translation on both, inbound and outbound traffic.
The interface you want apply this might be WAN rather than an internal interface, naturally.

@chriss199815 said in Do I need a Route from Lan to WAN:

I use it to segregate the Network in a clean fasson.

That would be accomplish with say 10.0.0/24 and 10.0.1/24, or say 10.0.0/24 and 172.16.0/24 ;)

What ya going to do if you use 10/8 and 192.168/16 and 172.16/12 for your 3 segments if you happen to need a 4th segment ;)

rfc1918 is huge amount of space - but not so much if you use up one of the 3 network ranges on 1 segment...

Well if your clients are not getting dhcp from pfsense, it would indicate they are not actually connected to a pfsense network - and then yeah that would explain why they can not get to the internet through pfsense ;)

So you see no dhcp discover in pfsense logs? How exactly do you have pfsense and clients connected to your network? Is there some VM involved?

Thanks!
I'll check situation according your advice.

Hello,
I am a newcomer,
I have just updated, I am still waiting...

@smalldragoon said in Send Traffic from 1 host to a specific GW:

anything in PFSense preventing RFC1918

Each interface has a "Block private networks and loopback addresses" checkbox but that would normally be for inbound traffic.

@viragomann I think this is the best approach. Initially I thought I would like to route other vms through it, but pfsense is taking care about all the traffic, so I'll definitely try this out :)

@dkyyz said in Routing between LAN fails, traceroute shows traffic goes to WAN ONLY:

Firewall rules are like routing rules (not sure if my wording is correct)

If you policy route with them sure..

https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

@cb4718
If NordVPN is your default route ("Don't pull routes" unchecked in the client settings) the access server OpenVPN tunnel should be routed to NordVPN as well.

If it isn't and you're routing the traffic to NordVPN using policy routing rules you have also to set up policy routing on the OpenVPN interface for the tunnel network.
Consider that you will also need to add an outbound NAT rule to the NordVPN interface for the tunnel network.