Basic statically routed setup not working!
-
Did you shut down NAT or add any static routes? We need more details on this.
-
There's no NAT or static routes set up on the box.
-
pfSense does NAT by default, so if you have not disabled it, it DOES NAT. That's why I was asking.
-
OK, under the "Firewall"->"NAT" section in the web interface, there are three tabs. There are no entries set up on any of the tabs. On the "Outbound" tab the radio button "Enable IPSec passthru" is selected.
I've been logging on with SSH and the rules all look like they're configured correctly; I can't see a rule that would block traffic.
-
You have to enable advanced outbound NAT at Firewall > NAT, Outbound tab, and then delete the auto-created rules at the bottom. If advanced outbound NAT is not enabled, pfSense will do NAT on any interface with a gateway (like WAN).
-
Thanks for the tip. I'm not sure this has had the desired effect. I turned it off as per your instructions, and checked with a "pfctl -a nat" command, which showed no NAT rules. I still get the "destination host unreachable" error when trying to connect to a host behind pfSense.
-
Is your WAN in a private subnet range? If yes, you need to uncheck "block private IPs" at Interfaces > WAN.
-
No, the WAN is in a public range. I've unblocked the private IPs anyway; I'm trying to run with the minimum feature set.
-
If your LAN is private IPs then you need NAT.
-
Turns out the cause of this was that the bridging was not working as anticipated; I was under the impression that bridging an interface with another effectively gave you a layer 2 connection between the two ports. Moving the computer from the bridged port into the port the bridged port was bridged with resolved this.