How to route traffic to WAN 2
-
@viragomann said in How to route traffic to WAN 2:
Does pfSense even see these networks?
Yup, these networks are even seen
-
@Shinigami said in How to route traffic to WAN 2:
Does pfSense even see these networks?
Yup, these networks are even seen
This is the other way, however. This does not prove that pfSense is seeing the networks behind the UniFi router at all.
So go to pfSense and run traceroute to an IP behind the UniFi.
-
@viragomann said in How to route traffic to WAN 2:
This is the other way, however. This does not prove that pfSense is seeing the networks behind the UniFi router at all.
So go to pfSense and run traceroute to an IP behind the UniFi.
OMG, I thought that after configuring rules to allow LAN to internet, everything would work stably.
But after I used traceroute and ping to the Unifi router, it did not respond.
I tried using a laptop plugged directly into the LAN port and configured a static IP, but pfSense could not ping the laptop. I even changed the IP on the LAN interface to 192.168.10.0/24 and disabled hardware checksum offloading on pfSense and Unifi, then enabled the DHCP server, but it was still not feasible.
-
@Shinigami
Rather use traceroute than ping for investigating. Ping from another network segment can be blocked by the firewall of the laptop.
As mentioned above, you have to add static routes to pfSense for the networks behind the UniFi.
Add the UniFi IP as gateway in System > Routing > Gateways, then go to the Static Routes tab and add routes for both networks and point them to this gateway.
Remember that you might have to configure firewall of the devices, which you want to access, properly to pass it, otherwise access from IP out of their own subnet will not be allowed.
-
@viragomann said in How to route traffic to WAN 2:
Remember that you might have to configure firewall of the devices, which you want to access, properly to pass it, otherwise access from IP out of their own subnet will not be allowed.
I’ve discovered that the Static Route feature on pfSense is malfunctioning. I’m trying to configure VLAN_30 to use the WAN_1 route and VLAN_60 to use the WAN_2 route, but it seems entirely unfeasible. Even when I tried using a lower version, it didn’t improve the situation.
-
@Shinigami
WTF! You have policy routed the two subnets to the UNIFi, where they are coming from.
How do you think, should the traffic flow?
BTW: stating the UNIFI as default gateway might not be a good idea at all. Devices not directed to any other gateway and pfSense itself will lose internet access.
-
@viragomann
I don't have policy routed the two subnets to the Unifi, because I am using 1 LAN port connected to the switch and 1 WAN port connected to pfSense.
Unifi routers only have the task of providing DHCP, while pfSense is responsible for identifying and routing traffic to the pre-defined WAN.
-
@Shinigami said in How to route traffic to WAN 2:
I don't have policy routed the two subnets to the Unifi, because I am using 1 LAN port connected to the switch and 1 WAN port connected to pfSense.
What your rule set is showing is called policy routing, however.
And this makes no sense here at all.
Unifi routers only have the task of providing DHCP, while pfSense is responsible for identifying and routing traffic to the pre-defined WAN.
This presumes, that pfSense sees the real source IPs, does it really?
Run Packet Capture to verify.
-
@viragomann said in How to route traffic to WAN 2:
@Shinigami said in How to route traffic to WAN 2:
This presumes, that pfSense sees the real source IPs, does it really?
Currently pfSense can't ping the Unifi router (172.16.16.2) and all VLANs,
but Unifi can ping pfSense (172.16.16.1).
-
@Shinigami
So configure the UNIFI properly to accept access from its WAN facing interface.