Netgate Discussion Forum

    PfSense as a second router

    Routing and Multi WAN
    • 8ayM

      I'm looking to set this up temporarily until I move the pfSense box as the front facing router. This is just for testing/practice so that I will know how to layer pfSense routers in the future.

      pfSense is properly assigning IPs, as the XP VM received the first IP in the addressable range for the interface it is attached to. The XP VM is able to get resolution for a ping to Google.com to an IP but failed to communicate.

      So my 192.168.2.x network can't communicate through my 192.168.1.x network.

      I'm new to burying routers behind other routers. So be kind please, as this is new territory that I'm playing with.

      This is version 2.1 x86.

      If you want any additional info just ask.
      ![Network Layout.jpg](/public/imported_attachments/1/Network Layout.jpg)

      • phil.davis

        That "should" just work out-of-the-box. I make a test system like that from factory defaults all the time. pfSense WAN can be set to DHCP, and get a 192.168.1.x address allocated by the ISP device, or you can pick an unused IP address like 102.168.1.2 as the static IP for pfSense and set the WAN gateway to 192.168.1.1
        The default LAN allow all rule will let traffic through from your XP client. pfSense WAN will NAT by default towards the ISP device, so the ISP device will have no trouble replying to it.
        What else did you do in addition to factory defaults and assigning the physical devices?
        Did you set a gateway on LAN? - don't do that!

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • wojtek

          I am having a similar setup and facing the same problem.  I am able to ping/ssh from 192.168.1.x, but the other way round I can only ping; any ssh/telnet connections fail.

          In my setup all devices on 192.168.2.x are virtual (except for the host on 192.168.2.2).
          On the physical host (192.168.2.2) there are two bridges, br1 and br2, bridging eno3 and eno4 interfaces with IPs 192.168.1.12 and 192.168.2.2.

          Additionally there is bon0 interface (eno1 and eno2) with ip of 192.168.1.2

          Netmask is the same on all networks 255.255.255.0

          /proc/sys/net/ipv4/ip_forward set to 0

          Any thoughts on what I could check/do?

          • johnpoz LAYER 8 Global Moderator

            "or you can pick an unused IP address like 102.168.1.2"

            Just to be clear - I am like 1000% sure phil would not be suggesting you grab a public IP address out of thin air and use it.. that should have been 192.168.1.2 I have to hope.. ;)

            If you forwarded traffic into an IP behind pfsense, but you can not telnet or ssh..  Either your forward is wrong or those are not listening, or the host has a firewall blocking..  Run through the port forwarding troubleshooting guide.  Or since you're on a double nat you're coming from a 192.168 address into pfsense wan which would be blocked anyway if you have the block rfc1918 rule there, etc..

            https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

            Also you should have created your own post with your own info vs bringing back a thread from 2014..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • wojtek

              Sorry for opening an old topic.  Basically my problem was solved by disabling hardware checksum offloading, see:
              https://forum.pfsense.org/index.php?topic=87856.0
