Routing problem - Two pfsense, Two wans
-
Hello,
I have a problem with routing in pfSense. In the attachment there is the network diagram (network addresses are changed from the original configuration).
There is a problem with routing. Now if I would like to access the Server 1 WAN address from LAN2, the connection goes via the ISP WAN routers:
traceroute:
- 192.168.1.x (source client)
- 192.168.1.1
- 100.100.100.1
- (ISP routers)
- 90.90.90.1
- (90.90.90.2) (PROXY ARP - VIRTUAL IP)
- 90.90.90.200
So I added static routing using the 192.168.50.0 connection between the routers.
I've added in pfSense router 2:
interface: WAN
dest network: 90.90.90.0/24
next hop: 192.168.50.1
And in pfSense router 2:
interface: WAN
dest network: 100.100.100.0/24
next hop: 192.168.50.2
On router 1 and router 2 the "Disable reply-to on WAN rules" option is disabled.
I've also added rules on the 192.168.50.0/24 link firewall to permit connections. And it partially works:
- when I connect from a LAN2 host (e.g. 192.168.1.x) to SERVER1 (90.90.90.200), the connection is made using the 192.168.50.0 link (OK)
- when I connect from server2 (192.168.1.254, VIRTUAL IP: 100.100.100.200) to server1, the connection goes through the ISP WAN routers (NOT the 192.168.50.0 LINK!)
I think the problem is the Virtual IP and NAT 1:1?
Does anyone have an idea why I can't connect from server2 to server1 using the local link 192.168.50.0 even if static routing rules are set?
Please help..
Best regards
-
I would think your problem is that both pfSense boxes have the network 192.168.1.x... so packets are being routed to the local subnet, rather than the other one. Maybe I'm off though...
-
Thanks for the answer.
I additionally set up outbound NAT on the 192.168.50.0/24 link:
- on router 1: outbound NAT from 192.168.1.0/24 to any (via the interface assigned to the 192.168.50.0/24 network - OPT), NAT'ed to 192.168.50.1
- on router 2: outbound NAT from 192.168.1.0/24 to any (via the interface assigned to the 192.168.50.0/24 network - OPT), NAT'ed to 192.168.50.2
And it doesn't work with NAT 1:1...
I can connect to 90.90.90.200:25 from LAN2 only if, in addition to NAT 1:1, I configure a port forward (Firewall->NAT->port forward) to 90.90.90.200:25 (using the Virtual IP).
Any idea how to make NAT 1:1 work in this scenario?