Netgate Discussion Forum

    Allow access to another LAN network that is connected to the same port as the WAN network.

    General pfSense Questions
    • S
      shadowwizard
      last edited by shadowwizard

      The quick and dirty:
      I have both a LAN (call it 'old LAN'; it has the IP address range 192.168.2.1-192.168.2.255) on a separate subnet, and a WAN connected to the WAN port, and I want to be able to access the 'old LAN' from the LAN port on the pfSense system.
      Additional information that may help provide an accurate answer:
      Here is my setup. My internet comes in to my house on an ISP provided router (Bell Home Hub 3000) and uses the address/subnet 192.168.2.1/24. There are several devices connected to WIFI. One of the LAN ports is connected to a gigabit switch. There are many other devices connected to this gigabit switch. They have ip addresses in the range (of course) of 192.168.2.10-192.168.2.255.
      The WAN port of pfSense is connected to this switch. The ISP router has a DMZ setting to permit a device connected to it to use the internet IP address, and pfSense is the device set to do that. The Home Hub 3000 called it "Advanced DMZ". This means the WAN port of pfSense has an IP address that is 184.x.x.x. An outside, out on the internet IP address, NOT a local IP address.
      The LAN port on pfSense is connected to a WIFI bridge. It is NOT connected (at this time) back to the switch, so the only way to connect to the LAN of pfSense is via WIFI. pfSense is set to use the LAN IP address/subnet of 10.1.1.1/17, and has a DHCP server set to hand out IP addresses 10.1.2.1-10.1.2.255. When I connect my laptop to pfSense via WIFI, I am assigned 10.1.2.1, and am able to browse the internet, access pfSense, etc. However, I am not able to access 192.168.2.x. Is there a way to do that?
      I have tried disabling block private network on the WAN interface page, and disabling block bogon networks.
      I have tried setting the DMZ to NOT give pfSense the main WAN IP (so it was assigned 192.168.2.something) but that also didn't permit me to access 192.168.2.x from 10.1.x.x.
      From my (very) limited understanding, since pfSense is set as the gateway, I really shouldn't have issues accessing 192.168.2.x connected to the WAN of the device.
      So I am open to other suggestions.

      • V
        viragomann @shadowwizard
        last edited by

        @shadowwizard said in Allow access to another LAN network that is connected to the same port as the WAN network.:

        The WAN port of pfSense is connected to this switch. The ISP router has a DMZ setting to permit a device connected to it to use the internet IP address, and pfSense is the device set to do that. The Home Hub 3000 called it "Advanced DMZ". This means the WAN port of pfSense has an IP address that is 184.x.x.x. An outside, out on the internet IP address, NOT a local IP address.

        A better setup would be to connect pfSense directly to the router as the only one device and bring all other devices behind it into the LAN of pfSense.

        I'm wondering if your LAN devices behind the router still have access to the internet using the router as default gateway in this setup.

        When I connect my laptop to pfSense via WIFI, I am assigned 10.1.2.1, and am able to browse the internet, access pfSense, etc. However, I am not able to access 192.168.2.x. Is there a way to do that?

        Yes, but you would still not be able to access devices in 10.1.1.0/17 from 192.168.2.0/24 without either adding routes to all devices in the outer subnet or using pfSense as their default gateway.

        To get access to the outside LAN, you have to assign an IP out of 192.168.2.0/24 to pfSense WAN.
        Firewall > Virtual IPs
        Use type IP alias.

        Then go to Firewall > NAT > Outbound, enable the hybrid mode and add a rule:
        interface: WAN
        source: 10.1.1.0/17
        destination: 192.168.2.0/24
        translation: select the alias IP

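An added example (not part of the original posts and not pfSense code): a simplified Python model of the routing and outbound NAT decisions that viragomann's answer relies on, showing why both the IP alias and the NAT rule are needed. The public WAN address 203.0.113.10 (standing in for the elided 184.x.x.x), the alias 192.168.2.250 and the host 192.168.2.50 are constructed values.

```python
import ipaddress as ipa

# Values from the thread
OLD_LAN = ipa.ip_network("192.168.2.0/24")
PF_LAN = ipa.ip_interface("10.1.1.1/17").network    # pfSense LAN 10.1.1.1/17
LAPTOP = "10.1.2.1"
# Constructed values (assumptions, not from the thread)
WAN_PUBLIC = ipa.ip_interface("203.0.113.10/24")    # stands in for the elided 184.x.x.x
ALIAS = ipa.ip_interface("192.168.2.250/24")        # hypothetical IP alias VIP on WAN
HOST = "192.168.2.50"                               # hypothetical old-LAN device


def on_link(wan_addrs, dst):
    """True if dst lies in a subnet configured on WAN, so it is reached directly."""
    return any(dst in a.network for a in wan_addrs)


def translate(rules, wan_primary, src, dst):
    """Hybrid mode: manual rules are tried first, then the automatic WAN-address NAT."""
    for rule_src, rule_dst, nat_ip in rules:
        if src in rule_src and dst in rule_dst:
            return nat_ip
    return wan_primary.ip


def trace(wan_addrs, rules, src=LAPTOP, dst=HOST):
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    seen = translate(rules, wan_addrs[0], src, dst)
    return {
        "egress": "on-link" if on_link(wan_addrs, dst) else "default gateway",
        "source_seen_by_host": str(seen),
        # The host can answer directly only if the source is in its own subnet.
        "reply_on_link": seen in OLD_LAN,
    }


def cases():
    rule = (PF_LAN, OLD_LAN, ALIAS.ip)  # the outbound NAT rule from the answer
    return {
        "public_wan_only": trace([WAN_PUBLIC], []),
        "alias_without_rule": trace([WAN_PUBLIC, ALIAS], []),
        "alias_plus_rule": trace([WAN_PUBLIC, ALIAS], [rule]),
    }


if __name__ == "__main__":
    for name, result in cases().items():
        print(f"{name}: {result}")
```

Only the last case is both on-link and sourced from an address inside 192.168.2.0/24, which is what lets old-LAN devices reply without static routes.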
        • stephenw10S
          stephenw10 Netgate Administrator @shadowwizard
          last edited by stephenw10

          @shadowwizard said in Allow access to another LAN network that is connected to the same port as the WAN network.:

          I have tried setting the DMZ to NOT give pfSense the main WAN IP (so it was assigned 192.168.2.something) but that also didn't permit me to access 192.168.2.x from 10.1.x.x.

          Check your outbound NAT settings. If that traffic is NAT'd to the WAN IP you should be able to access those devices.

          But, yes, you would not be able to connect the other way without rules and static routes.

          • V
            viragomann @stephenw10
            last edited by

            @stephenw10 said in Allow access to another LAN network that is connected to the same port as the WAN network.:

            Check your outbound NAT settings. If that traffic is NAT'd to the WAN IP you should be able to access those devices.

            He said he has a public WAN IP.

            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Yup, but he said he still didn't get access when the DMZ mode was disabled so pfSense gets a private WAN IP. Which is unexpected.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.