Routing traffic back into the secondary gateway (UniFi)
-
Hi all,
I have given up on UniFi as a firewall. I have put a pfSense firewall in front of it and am slowly configuring the migration. One thing that would make the process quicker is if I were able to reach both pfSense and UniFi (UDM) on the same connection. The following is my mediocre attempt to describe my environment. The green arrow is what I am trying to achieve. However, after adding many firewall rules on either router, I am still unable to reach it from VL10. I can get traffic out to the WAN, but this is traffic flowing into the network and I am not sure if I need to set static routes, NATting, etc. My network knowledge is not the best.
Would anyone be able to tell me what I am missing? The image is supposed to have spared you a thousand words, but if you need more info I'd be happy to provide it.
Thanks.
-
@pfsblah
You will need to masquerade the traffic on the interface that the UniFi is connected to. You can do this under Firewall > NAT > Outbound in pfSense.
You need to enable hybrid mode and save this setting.
Then add a rule:
interface: which the UDM is connected to
source: 192.168.10.100/32
destination: UDM IP
translation: interface address
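As an added illustration (not part of viragomann's post and not pfSense's own generated ruleset), here is the same outbound NAT rule written in pf.conf syntax, which is what the pfSense GUI rule is compiled into. The interface name `igb1`, the VLAN interface name `vlan10` and the UDM address `192.168.1.1` are assumed for the example; only the VL10 host `192.168.10.100` comes from the rule above. The comments spell out why the translation is needed: the UDM has no route back to VL10, so replies only come back if the UDM sees a source address on the link it shares with pfSense.

```pf
# Added example, not the thread's own configuration. Assumed values:
#   igb1           = pfSense interface cabled to the UDM WAN port (hypothetical name)
#   vlan10         = pfSense interface for VL10 (hypothetical name)
#   192.168.1.1    = the UDM's own address on the igb1 link (hypothetical)
#   192.168.10.100 = the VL10 host from the rule in the post above
udm_if    = "igb1"
udm_ip    = "192.168.1.1"
vl10_host = "192.168.10.100"

# Hybrid outbound NAT: pfSense keeps its automatic rules and adds this one.
# Rewrite the VL10 source to igb1's own address so the UDM answers a
# neighbour on its link instead of a subnet it has no route for.
# Note the destination is the UDM's address on this link (the gateway),
# not a host behind the UDM; a rule written for the UDM LAN will not match.
nat on $udm_if inet from $vl10_host to $udm_ip -> ($udm_if)

# The NAT rule only translates; the VL10 interface must still pass the
# traffic (Firewall > Rules on the VL10 interface in the GUI).
pass in quick on vlan10 inet from $vl10_host to $udm_ip keep state
```

To check that the translation is actually applied, `pfctl -s nat` on the pfSense shell lists the active NAT rules, and `tcpdump -ni igb1 host 192.168.1.1` while you try to reach the UDM should show packets sourced from the igb1 address rather than from 192.168.10.100; if you still see 192.168.10.100 as the source, the rule is not matching (wrong interface, or the destination is not the UDM's address on this link).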
-
@viragomann Thanks a lot. Will try it and give feedback as soon as I'm back. :)
-
@viragomann
I implemented the NAT rule but still no luck. I can see traffic leaving pfSense but none returning. I have opened up the UDM as much as I can, but I am still unable to reach it. Is my above setup reasonable? I tried to put all VLAN traffic on one port and the untagged traffic on the "UDM WAN - pfSense LAN", but I wonder if using the UDM WAN port is not the source of the problem. I will see if I can sniff the UDM WAN to see what is going on, but if you have an idea, please do share. ;)
-
@viragomann
Thanks for your help. I got it working. It was another noob error. I was creating rules for the UDM LAN, not the UDM GW... wonder why I couldn't reach the GW. ;) Thanks again.