Added a second WAN, no way to get forwarding NAT working on the 2nd
-
@vincentvije
Remove this one:
Or at least remove the gateway. This will not work at all.
-
@viragomann But I can't remove the gateway, it's the one we use for LAN computers to go to Internet :
?
-
@vincentvije
I meant, the gateway from the pass rule.
-
@viragomann Thanks so much, you did it!
But this rule was added automatically by pfSense, why?
And why do I keep it with WAN and not WAN2?
WAN is forwarding well with it, but WAN2 not, I don't understand.
For the moment, forwarding works with WAN2, but pinging WAN2 not.
-
@viragomann What I mean is I've the same rule for WAN and for WAN2, why removing from just WAN2, and why did pfSense add it?
And the ping problem is not solved?
-
@vincentvije said in Added a second WAN, no way to get forwarding NAT working on the 2nd:
But this rule was added automatically by pfSense, why?
Never had this issue.
And I cannot think of any sense, where pfSense is adding a policy routing rule automatically.
And why do I keep it with WAN and not WAN2?
WAN is forwarding well with it, but WAN2 not, I don't understand.
Strange thing: your screenshots above show on WAN port 443 is allowed to .59, but on WAN2 port 443 is allowed to .58.
For the moment, forwarding works with WAN2, but pinging WAN2 not.
Do you have a rule in place to permit it now?
Did you remove the policy routing rule entirely or only the gateway setting?
-
@vincentvije said in Added a second WAN, no way to get forwarding NAT working on the 2nd:
What I mean is I've the same rule for WAN and for WAN2, why removing from just WAN2
A policy routing rule on a WAN interface is useless in almost all cases.
-
@viragomann About 59 and 58, it's because they are different webservers, I miss to send you with same webservers but it's fine.
I don't know where and how to add a ping rule? There's no port. How to do it?
About the routing rule, maybe I should remove this from WAN : ?
-
@vincentvije
This rule allows any access, any protocol, from anywhere to anywhere on this interface.
So this includes also pinging to the interface IP. Hence I'd expect, that pfSense is responding.
However, you can also forward pings. In this case it's on the destination device to respond.
For an allow-ping rule, there is no port needed. Just select ICMP protocol, you can limit the rule to "echo request" for instance, and set a source and destination if you want.
-
@viragomann Thanks a lot Viragomann, so I should make the same rule on the other interface WAN2 and it then should answer the pings as WAN does?
With all your answers, I will take time to understand better how pfSense works.
-
@vincentvije said in Added a second WAN, no way to get forwarding NAT working on the 2nd:
so I should make the same rule on the other interface WAN2 and it then should answer the pings as WAN does?
Yes, if you want to allow pings.
Your allow-any rule on WAN2 only allows TCP. This doesn't allow pings, which is ICMP.
-
@viragomann Thanks to your explanations, I understood and cleaned all pfSense rules and configs!
Thank you so much, Viragomann!