Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense reading wrong ip address in system logs

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 4 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      viragomann
      last edited by

      If pfSense sees the computer as 192.168.1.150 whereas it realy has 10.10.10.212 than your OpenWRT makes NAT for it.

      Why do you try to bypass this computer from VPN on pfSense? Just set a static route on OpenWRT to direct its traffic to WAN.

      1 Reply Last reply Reply Quote 0
      • C
        casoah
        last edited by

        Yea I know, but I'm curious as to why pfsense is doing this.

        What i'm confused if openwrt is making a nat, how can pfsense see it in the first place with arp?
        I can ping 10.10.10.212 from pfsense

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          It's not pfSense doing anything like this. You are double-NATing.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Dude your drawing shows both wan and lan of pfsense plugged into ports on the router running openwrt switch ports?  WTF???

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              Nice loop… the whole setup makes a lot of "sense"... Keep getting amazed every day what kind of complete BS are people able to invent.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Look the lan rules, wan network as your source in your lan rules?

                Sometimes I just at a complete lack of words to how people think this through…  When would that rule come into play???

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • C
                  casoah
                  last edited by

                  @johnpoz:

                  Dude your drawing shows both wan and lan of pfsense plugged into ports on the router running openwrt switch ports?  WTF???

                  The ports are vlan'd on openwrt.

                  The lan port of pfsense plugs back into openwrt, and I have openwrt set that the computers go through that interface.

                  1 Reply Last reply Reply Quote 0
                  • C
                    casoah
                    last edited by

                    @johnpoz:

                    Look the lan rules, wan network as your source in your lan rules?

                    Sometimes I just at a complete lack of words to how people think this through…  When would that rule come into play???

                    The first firewall lan rule?
                    wan isn't the source, it's the gateway the connection should go through.

                    1 Reply Last reply Reply Quote 0
                    • C
                      casoah
                      last edited by

                      @doktornotor:

                      Nice loop… the whole setup makes a lot of "sense"... Keep getting amazed every day what kind of complete BS are people able to invent.

                      You realize I can just toss the setup away at any time right?
                      I just want to know why pfsense reads the ip in the system logs as 192.168.1.150 when I can ping 10.10.10.212 from pfsense and the other way around.

                      The whole reason the setup is like this is because the wndr3700 supports vlan tagging. It also supports multiple gateways with mwan3. The problem is if I had openwrt connect to the vpn server I can only get around 20megabits even with the cpu overclocked to 800mhz. So I just hooked up pfsense behind it and used that for the vpn processing.

                      I could just get rid of the wndr3700, but the ipv6 implementation works a lot better than pfsense by default for Comcast users. There's a large thread on dslreports about that.

                      EDIT: I got it, I just had to disable ip masquerading on openwrt.
                      You guys could have mentioned that instead of bashing btw

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        @casoah:

                        You realize I can just toss the setup away at any time right?

                        Yes, so do it… yesterday was too late.

                        @casoah:

                        EDIT: I got it, I just had to disable ip masquerading on openwrt.
                        You guys could have mentioned that instead of bashing btw

                        You have been told at least twice that you are double-NATing.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.