Netgate Discussion Forum

    Firewall Rule Routing IP Through VPN

      Captain Chunck @viragomann

      @viragomann I meant through the VPN. And how do I find this table? I'm still relatively new to pfSense.

        Captain Chunck @viragomann

        @viragomann Ah, found it. No, the Firestick isn't on the ARP table, but neither is my desktop.

          viragomann @Captain Chunck

          @captain-chunck
          Each IP pfSense actually communicates with must be found in the ARP table. Otherwise there is no communication possible. The default timeout for ARP entries is 20 minutes.
          So after initiating a connection to the internet on your desktop, you should find your IP there.
          The same is true for all other devices.

          However, I suspect that your Wifi router does masquerading, so that pfSense can only see its LAN IP, but not the origin device IP.
          You probably can switch off this function, but then you have to add a static route to pfSense for the wifi subnet pointing to the router.

            Captain Chunck @viragomann

            @viragomann Right, I see. Might be better off for simplicity just adding the whole WiFi network as a rule for now.

              viragomann @Captain Chunck

              @captain-chunck
              Yeah, if it's reasonable for you that you cannot distinguish the wifi devices on pfSense, that's an option, of course.

                Captain Chunck @viragomann

                @viragomann I just wanted to be able to switch the VPN on and off so I could essentially switch between American Netflix and UK Netflix, but it looks like the WiFi router is only showing its own IP to pfSense and not what's connected to it.

                  viragomann @Captain Chunck

                  @captain-chunck
                  I think you should be able to set the router into AP mode. So all devices get IPs in the LAN subnet.
                  Is it VLAN capable? That would also be an option to separate the wifi devices, even when the router is connected to an L2 LAN switch.

                    Captain Chunck @viragomann

                    @viragomann I'm using a TP-Link VR400 as an AP. It's in Wireless router mode, but the router is capable of being a modem too, so it has its own firewall and DHCP. I have the option to turn off the firewall and put it in DHCP relay mode. Would this be something I'd need to do?

                      viragomann @Captain Chunck

                      @captain-chunck
                      The firewall can be turned off, but DHCP relay only makes sense if you want to use the DHCP on pfSense to register device names in DNS.
                      As long as it's in NAT router mode, you won't see the devices behind it.

                        Captain Chunck @viragomann

                        @viragomann I had the option to turn off DHCP on the WiFi router, so I did that, and I turned the firewall off too.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.