Netgate Discussion Forum

    NAT between two pfsense routers

      dseknat

      Hi,

      I have configured two pfsense routers in my home and my network looks as below.
      Maybe this is a usual question, but forgive me, I am a novice user.
      Please find the attached network diagram.

      I have a pfsense1 router which is configured to distribute 192.168.89.0/24 address to which another pfsense router with 192.168.90.0/24 has been connected. The pfsense2 WAN port has 192.168.89.18 as the address.

      Also the pfsense1 (192.168.89.0/24) is connected to a Ubiquiti router which has the LAN configuration as 192.168.1.0/24 address. The pfsense1 WAN port has the address 192.168.1.11.

      Also the Ubiquiti router is connected to the internet.

      The laptop which is connected to pfsense2 (192.168.90.12) is able to access the internet and all the machines on the 192.168.89.0 and 192.168.1.0 networks. But none of the machines in the 192.168.89.0 and 192.168.1.0 networks is able to access 192.168.90.12 or any other machine that is connected to pfsense2.

      Do I need to make any changes in pfsense2 and pfsense1 to reach out to 192.168.90.12 or any other machines connected to pfsense2?

      Please help

      Thanks,
      dseknat
      my_network.png

        Derelict LAYER 8 Netgate

        They need to know where to send traffic for those destinations. They need routes for 89 and 90 pointing to the right places. And the firewall rules entering the interfaces need to pass the traffic.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          dseknat

          Do I need to add a router or configuration in the pfsense routers?

          Thanks,
          dseknat

            nycfly

            Dare I ask why you have this setup?

              Derelict LAYER 8 Netgate

              Configuration.

                johnpoz LAYER 8 Global Moderator

                I'm with nycfly here. Why would you do such a setup? Ok, you want to use pfsense - great, all on board with that. You want to put it behind a unifi router. Ok, sure. But why would you want 2 pfsense, when you could just use 1 and put both those networks behind it?

                And unless it's a typo you have your 192.168.89 as a transit with hosts on it - that is borked. And same goes for your 192.168.1 network. And why would you nat at all? If you want to do a downstream router, great. But why not just let your unifi router nat those to your public?

                So you would end up with something more like this..

                You would then just need a route on your unifi saying hey, to get to 192.168.88/22 talk to 172.16.0.2 (pfsense IP in your transit). Turn off nat in pfsense, and set up unifi to nat your downstream networks. If you left nat on in pfsense that would work too. Just if you wanted anything in 192.168.1 to be able to talk to stuff in your 89/90 networks you would have to port forward on pfsense. But you wouldn't have to do any route commands, etc.

                If you're going to nat at pfsense you could just use your 192.168.1 as your transit.

                downstreampfspng.png

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11
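
The route described in the post above, modelled as an added example (not part of the thread): a longest-prefix lookup on the upstream router showing where traffic for 192.168.90.12 goes with and without the 192.168.88.0/22 route via 172.16.0.2. The /30 transit mask, the "isp" label and the 203.0.113.10 test address are assumptions.

```python
import ipaddress

def build_table(entries):
    """Turn (prefix, next_hop) pairs into a routing table."""
    return [(ipaddress.ip_network(p), hop) for p, hop in entries]

def lookup(table, dst):
    """Longest-prefix match, the way a router picks a route for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

def summary_check(summary, inside, outside):
    """True if summary contains every 'inside' net and overlaps no 'outside' net."""
    s = ipaddress.ip_network(summary)
    covers = all(ipaddress.ip_network(n).subnet_of(s) for n in inside)
    clean = not any(ipaddress.ip_network(n).overlaps(s) for n in outside)
    return covers and clean

# Constructed model of the upstream (Ubiquiti) router. The /30 transit
# mask and the "isp" label are assumptions; 172.16.0.2 is from the post.
CONNECTED = [
    ("0.0.0.0/0", "isp"),
    ("192.168.1.0/24", "connected"),
    ("172.16.0.0/30", "connected"),
]
WITHOUT_ROUTE = build_table(CONNECTED)
WITH_ROUTE = build_table(CONNECTED + [("192.168.88.0/22", "172.16.0.2")])

if __name__ == "__main__":
    tables = (("no static route", WITHOUT_ROUTE), ("static route", WITH_ROUTE))
    # 203.0.113.10 is a documentation-range address standing in for the internet.
    for name, table in tables:
        for dst in ("192.168.90.12", "192.168.89.18", "192.168.1.11", "203.0.113.10"):
            print(f"{name:16} {dst:15} -> {lookup(table, dst)}")
    # The /22 must cover both downstream LANs without swallowing the
    # upstream LAN or the transit network.
    print("summary ok:", summary_check(
        "192.168.88.0/22",
        ["192.168.89.0/24", "192.168.90.0/24"],
        ["192.168.1.0/24", "172.16.0.0/30"]))
```

Without the static route the upstream router has only its default route for 192.168.90.12, so the packet heads toward the ISP instead of pfsense.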

                  dseknat

                  Thanks Johnpoz, whatever you have suggested worked!

                    johnpoz LAYER 8 Global Moderator

                    Well yeah ;) heheheh

                    So you're all sorted? Any more questions? Some applause and thank yous don't hurt my feelings. I have some dipshit smiting me every time they log in ;)
