pfSense virtual appliance behind Fritz!box routing issue

RalfP

Dear all,

I have a Fritz!box (connected to dsl and being used as S0 hub for my phone box) running at 192.168.178.0
My pfSense is running on the 192.168.180.0 net.
I have a static route set up in the FB to 192.168.180.0
The pfsense does firewalling and NATting of some other services in the local net.

I can reach every client in the 192.168.178.0 network from inside the FW (lan net).
Port forwarding from the FB to the pfSense is working (including Dyndns).

The only thing that does not work is to access the pfSense lan net from the FB network, e.g. a client with 192.168.178.10.

Firewall rules are currently set to allow all traffic from 192.168.178.0 to lan net * * but no success.

Any help is highly appreciated.
Thanks in advance
Ralf

viragomann

@ralfp
pfSense blocks access from private networks on WAN by default. You can disable this in the WAN interface settings (block private networks..).

But this is not even the halb of the battle.

The WAN devices might not have a proper route to the LAN network. The use the FB as their default gateway and hence they will send packets to it, which are addressed to 192.168.180.x.

So you either have to add route to each device in the WAN net, which you want to access the pfSense LAN from, or you set up a separate transit network between pfSense and the FB, so you are able to route the traffic between both subnet.
Don't know if the FB is capable of running multiple networks and possibly VLANs.

RalfP

@viragomann
Thanks! Blocking of private networks was the issue.

Default route was already in.

You rock!