Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Static Route Across Subnets?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    12 Posts 3 Posters 929 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • patient0P
      patient0 @DaHai8
      last edited by

      @DaHai8 said in Static Route Across Subnets?:

      172.29.3.175 (Windows PC running Steam - Lan Port 3)

      Is the Windows PC on LAN port 3 of pfSense and 172.29.3.175/24 is the pfSense LAN network?
      In general all access from pfSense WAN to pfSense LAN is blocked by default.

      What are you trying to accomplish?

      D 1 Reply Last reply Reply Quote 0
      • D
        DaHai8 @patient0
        last edited by DaHai8

        @patient0 : Thanks for the response.
        I'm trying to get SteamLink on the Pi connected back to my PC.
        Yes, the Windows PC is on LAN Port 3 of pfSense and 172.29.3.175/24 is the pfSense LAN network.
        And because the pfSense WAN is not directly connected to a Public IP (it is local port 192.168.1.2 of the ISP's router IP), I have "Block private networks and loopback addresses" turned off on the WAN port.
        P.S. "Block bogon networks" is also diabled on the WAN port

        patient0P 1 Reply Last reply Reply Quote 0
        • patient0P
          patient0 @DaHai8
          last edited by

          @DaHai8 said in Static Route Across Subnets?:

          I'm trying to get SteamLink on the Pi connected back to my PC.

          You can disable NAT and turn pfSense into a router as long as it stays behind the ISP router.

          I have "Block private networks and loopback addresses" turned off on the WAN port.
          P.S. "Block bogon networks" is also diabled on the WAN port

          The default is still block everything just without the explicit block rules for the two. You will need explicit allow rules on the WAN interface (on any interface for that matter, default is always blocking).

          If you keep the NAT then you will need to setup port forwarding rules for the ports/protocols you want to be forwarded to the Windows PC.

          D 1 Reply Last reply Reply Quote 0
          • D
            DaHai8 @patient0
            last edited by DaHai8

            @patient0 : Thank you! It's better, but I still seem to be missing/screwing up something.

            Here is my NAT Port Forwarding:

            bcfdebd6-ea5a-484d-adc9-62d725c72a99-image.png

            Apologies for the change in the PC IP Address (from .175 to .100). I switched it to Ethernet to squeeze out a bit more bandwidth.

            Still, I'm only getting a 'Far' connection at 75MBs (up from 'Poor' before). But that's not the best I got (85MBs) when I ran a cable across the apartment from the Pi directly into my 172.29.3.x switch (same one the PC is on).

            And I still cannot Ping the PC from the Pi, even with ICMP opened

            Thoughts?
            Thanks!

            patient0P 1 Reply Last reply Reply Quote 0
            • patient0P
              patient0 @DaHai8
              last edited by

              @DaHai8 said in Static Route Across Subnets?:

              Still, I'm only getting a 'Far' connection at 75MBs (up from 'Poor' before). But that's not the best I got (85MBs) when I ran a cable across the apartment from the Pi directly into my 172.29.3.x switch (same one the PC is on).

              NAT will take some resources to process, on what device does pfSense run?

              And I still cannot Ping the PC from the Pi, even with ICMP opened

              I'm not sure about that, there is an old thread about "Port Forwarding Ping from WAN to LAN–- does not work?" according to it, it is possible.
              Maybe someone better informed can help with that.

              D 1 Reply Last reply Reply Quote 0
              • D
                DaHai8 @patient0
                last edited by

                @patient0 : Thanks for the reply!

                pfSense is running on:
                d988ef41-e9db-49e5-b800-1c0c61926bda-image.png

                8GB Ram DDR4
                128GB SSD
                4x2.5GB Network Ports (but the home network routers and switches are only 1GB)

                Not too worried about Ping, just using it as a sanity check - but I will check out that link, since Tracert also fails.

                tinfoilmattT patient0P 2 Replies Last reply Reply Quote 0
                • tinfoilmattT
                  tinfoilmatt @DaHai8
                  last edited by

                  @DaHai8 Windows Firewall blocks incoming ping from any subnet other than its own by default.

                  D 1 Reply Last reply Reply Quote 0
                  • patient0P
                    patient0 @DaHai8
                    last edited by

                    @DaHai8 said in Static Route Across Subnets?:

                    pfSense is running on: (N100)

                    That CPU is certainly more than capable of handling that kind of speed.

                    I'm really not sure why the speed is reduced. Btw: Are we talking 85/75 Mbit or MByte?

                    D 1 Reply Last reply Reply Quote 0
                    • D
                      DaHai8 @patient0
                      last edited by

                      @patient0 :
                      The SteamLink Network test reports in Mb/s (70Mb/s). Sorry for the confusion. I did read that SteamLink caps the rate at 100Mb/s regardless.

                      I'm going try to get Ping and Traceroute working so I can see if the packets are taking a detour or not.

                      Thank you for all your help!!!

                      1 Reply Last reply Reply Quote 0
                      • D
                        DaHai8 @tinfoilmatt
                        last edited by

                        @tinfoilmatt :
                        I enabled File and Print Sharing (Echo Request - ICMPv4-In) for both Domain and Private,Public in Windows Defender.

                        Still not getting Pings to go through, so perhaps another setting elsewhere.

                        1 Reply Last reply Reply Quote 0
                        • D
                          DaHai8
                          last edited by DaHai8

                          I finally got Ping working in Windows. Had to accept ANY source for Remote Address in Windows Defender Firewall for Private.Public Profile.
                          And I am getting sub ms response times from the Pi to Windows (~0.56ms). So the route seems to be direct without any detours.

                          Traceroute still fails, but that could be the ISP modem/router not allowing it.

                          So, it appears ~75Mb/s is the best I can expect. 5x faster than before!!!

                          Thanks Everyone!

                          P.S. ICMP also needed to be added to the Firewall Rules in pfSense on the WAN interface to allow Pings through

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.