Router machine not easy with pfSense…
-
Hi all.
I've tested many firewall configurations, also with success…
This time, I've tried to substitute a Linux machine (that was simply routing traffic) with a pfSense one... But it's not easy, if I don't want strong control! That's what happened.
I've set up two Linux boxes as simple routers.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
All systems behind them work perfectly...
Now I've decided to collapse these 2 routers into 1 pfSense box, which has 2 OPT connected to the "wan" of internal systems and has 1 WAN to the external network.
Well... It doesn't work!
- I'm sure each firewall interface lets "any" traffic flow to "any".
- I've tried adding OUTBOUND NAT, after testing that without NAT, nothing goes anywhere...
- NAT reflection is disabled...
So, now, I'm thinking: what's my problem?
It's so easy...
Thanks anyway for your time/suggestions.
Cheers...
T.
-
Have you tried turning off the firewall in Advanced Config? I haven't used that but IIRC it says specifically that it is for routing without using firewall rules at all.
-
Hi.
Yes, I've tried, as reported in step 2).
But this way NAT is also shut down, so…
;-)
Thanks anyway!
Cheers,
T.
-
Yes, I've tried, as reported in step 2).
- I've tried adding OUTBOUND NAT, after testing that without NAT, nothing goes anywhere…
Are we talking about the same thing? I didn't mention Outbound NAT but under System -> Advanced -> Traffic Shaper and Firewall Advanced there is an option of:
Disable all packet filtering.
Note: This converts pfSense into a routing only platform!
Note: This will turn off NAT!
Have you set static routes if you're just trying to route packets?
-
Yes, I know.
My brief list may make you think I haven't tried it, but that's not the case.
Static routes are working, because with the Linux routers everything works fine.
The only change I make on the "internal" systems is modifying the default gateway of the external interfaces: from the Linux routers to the new pfSense router.
In the pfSense router I've set no static routes, because the default gateway of the system is its WAN gateway.
default 192.168.1.1 UGS 0 87 1500 le0
Also because I have 2 OPTx that have to route their traffic to the WAN interface.
If I set something like:
interface OPT1: Destination network: 0.0.0.0/1 -> WAN_GW gateway
what can I set on OPT2?
I cannot set the same Destination network for 2 interfaces and the same gateway…
-> Enabling Fast Routing doesn't change anything.
Let me know if I'm making some mistake...
-
Hi all.
If someone is interested, I've solved the problem, simply by removing the "router only" feature from the advanced setup and modifying the NAT rules in the outgoing tab.
Probably, doing all the tests at the same time, I had not rolled back the changes I'd committed before moving on to the next test.
In any case, with the corrected NAT interfaces in my table, all outgoing traffic was re-established correctly.
Thanks anyway.
Cheers,
T.
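The fix described in the last post, written out as the pf rules an outbound NAT table would have to produce. This is an added example, not configuration posted in the thread: le0 is the WAN NIC from the routing table quoted above, while le1/le2, both subnets and the commented-out "mis-bound" rule are assumptions made for illustration.

```pf
# Added example (legacy pf NAT syntax as used by FreeBSD's pf).
# le0 comes from the poster's routing table; everything else is constructed.
wan      = "le0"
opt1     = "le1"             # assumed NIC name for OPT1
opt2     = "le2"             # assumed NIC name for OPT2
opt1_net = "10.10.1.0/24"    # constructed subnet behind OPT1
opt2_net = "10.10.2.0/24"    # constructed subnet behind OPT2

# Mis-bound (assumed form of the mistake): a nat rule is evaluated on the
# interface a packet leaves through. Traffic from OPT1 to the outside leaves
# via $wan, so a rule bound to $opt1 never matches and the packet goes out
# untranslated, with a source address the upstream network cannot route back.
# nat on $opt1 from $opt1_net to any -> ($opt1)

# Corrected: one rule per internal network, each bound to the egress interface.
# This is the pf counterpart of
#   iptables -t nat -A POSTROUTING -o <wan-if> -j MASQUERADE
nat on $wan from $opt1_net to any -> ($wan)
nat on $wan from $opt2_net to any -> ($wan)

# No per-OPT static route is needed: the routing table belongs to the whole
# system, so the single default route via the WAN gateway already covers
# traffic arriving on both OPT interfaces.

# "any to any" on each OPT interface, as the first post describes.
pass in on $opt1 from $opt1_net to any keep state
pass in on $opt2 from $opt2_net to any keep state
```

Running `pfctl -sn` on the firewall lists the NAT rules actually loaded, which shows the interface each one is bound to.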