  • OSPF + static routes does not work

    1
    0 Votes
    1 Posts
    297 Views
    No one has replied
  • Connecting to AWS

    1
    0 Votes
    1 Posts
    501 Views
    No one has replied
  • Second Wan Down

    1
    0 Votes
    1 Posts
    280 Views
    No one has replied
  • Do I need a Route from Lan to WAN

    10
    0 Votes
    10 Posts
    1k Views
    johnpoz

    @chriss199815 said in Do I need a Route from Lan to WAN:

    I use it to segregate the Network in a clean fashion.

    That would be accomplished with say 10.0.0/24 and 10.0.1/24, or say 10.0.0/24 and 172.16.0/24 ;)

    What ya going to do if you use 10/8 and 192.168/16 and 172.16/12 for your 3 segments if you happen to need a 4th segment ;)

    rfc1918 is a huge amount of space - but not so much if you use up one of the 3 network ranges on 1 segment...

    Well if your clients are not getting dhcp from pfsense, it would indicate they are not actually connected to a pfsense network - and then yeah that would explain why they can not get to the internet through pfsense ;)

    So you see no dhcp discover in pfsense logs? How exactly do you have pfsense and clients connected to your network? Is there some VM involved?

  • Routing remote access (OVPN) to peer-to-peer (OVPN) subnet

    3
    0 Votes
    3 Posts
    452 Views
    T

    Thanks!
    I'll check the situation according to your advice.

  • Multi Wan and PFSense Updates

    7
    0 Votes
    7 Posts
    800 Views
    LeeGardner

    Hello,
    I am a newcomer,
    I have just updated, I am still waiting...

  • Send Traffic from 1 host to a specific GW

    25
    0 Votes
    25 Posts
    2k Views
    S

    @smalldragoon said in Send Traffic from 1 host to a specific GW:

    anything in PFSense preventing RFC1918

    Each interface has a "Block private networks and loopback addresses" checkbox but that would normally be for inbound traffic.

  • Policy routing to access subnet of a gateway marked as down

    8
    0 Votes
    8 Posts
    784 Views
    B

    @viragomann I think this is the best approach. Initially I thought I would like to route other VMs through it, but pfsense is taking care of all the traffic, so I'll definitely try this out :)

  • Routing between LAN fails, traceroute shows traffic goes to WAN ONLY

    9
    0 Votes
    9 Posts
    959 Views
    johnpoz

    @dkyyz said in Routing between LAN fails, traceroute shows traffic goes to WAN ONLY:

    Firewall rules are like routing rules (not sure if my wording is correct)

    If you policy route with them sure..

    https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

  • Sharing static IP addresses

    1
    0 Votes
    1 Posts
    323 Views
    No one has replied
  • Routing public IP range

    1
    0 Votes
    1 Posts
    387 Views
    No one has replied
  • Openvpn tunnel -- > Home network-->NordVPN-->Internet

    2
    0 Votes
    2 Posts
    386 Views
    V

    @cb4718
    If NordVPN is your default route ("Don't pull routes" unchecked in the client settings) the access server OpenVPN tunnel should be routed to NordVPN as well.

    If it isn't and you're routing the traffic to NordVPN using policy routing rules, you also have to set up policy routing on the OpenVPN interface for the tunnel network.
    Consider that you will also need to add an outbound NAT rule to the NordVPN interface for the tunnel network.

  • Modification of routing table causes network flashover

    1
    0 Votes
    1 Posts
    181 Views
    No one has replied
  • Netgate 1100 OPT (how to configure VLAN)

    2
    0 Votes
    2 Posts
    718 Views
    S

    @thomasyang If you want them on the same network, see this doc on Configuring the Switch Ports. Alternatively, plug a switch into LAN and then you have four ports.

  • Multi-WAN - what happens when both monitors go down?

    1
    0 Votes
    1 Posts
    193 Views
    No one has replied
  • Configuration example for dual firewall setup needed

    5
    0 Votes
    5 Posts
    2k Views
    B

    @johnpoz There are no hosts on 10.43.0.0/24. This network is just used for the link between FW1 and FW2 via crossover cable (FW1 NIC Port 3 (IP 10.43.0.1) to FW2 NIC Port 2 (IP 10.43.0.2)).

    That VPN Box is eventually misplaced. OpenVPN is actually running on the OPNsense box.

    ... I may have just figured out what was missing in this very moment, after some more trial & error and your response. I can ping FW1 from FW2. The reason seems to be that for the crossover cabling the option "This interface does not require an intermediate system to act as a gateway" needed to be enabled on the interface. I will give some further feedback after more testing.

    Edit: My bad, that was just a terrible mistake when testing. I still cannot reach FW2 from FW1 or vice versa. Do I need to set up a gateway?

  • Route Failover

    1
    0 Votes
    1 Posts
    341 Views
    No one has replied
  • Multi-WAN speed drops to single-WAN speed at random

    5
    0 Votes
    5 Posts
    884 Views
    A

    BUMP

  • Routing only specific ports over OpenVPN

    3
    0 Votes
    3 Posts
    539 Views
    B

    For anyone else who has this idea, I think it's a bigger pain than is warranted. I did more reading on libtorrent. The ports in the normal option menu of torrent clients are listen ports. When a connection is made and you seed a torrent, libtorrent uses dynamic outbound ports. You can set these as static, often using obscure options, but the libtorrent devs suggest not doing so as it can cause issues with establishing connections.

    So instead of doing all that and possibly having connection issues I will just be containerizing the torrent client on my server, using macvlan to give it a dedicated IP on my LAN, then routing that IP over the VPN interface using PBR.
    As for the other torrent clients on random computers on my LAN, it's probably best we stop using those and just use my server's client. Or we can use the VPN client on those computers.

  • Routing and Policy Routing, who is first?

    1
    0 Votes
    1 Posts
    207 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.