Routing from WAN to LAN
- 
 I have a PFSENSE box that is routing traffic like this :- Domain –-- PFSense ----- Smoothwall Filter ------- Internet It's working fine, I can ping the gateways from each interface and the internet is working across VLANS and the LAN , however I can't seem to ping anything on the domain from the WAN interface. I need access to Active Directory from the Smoothwall box to allow Authentication - how would I do this ? LAN address is 192.168.5.80 - Smoothwall Gateway is 192.168.110.1 (WAN IP is 192.168.110.2) Cheers What I'm trying to achieve is one PFSENSE box as a router instead of a layer 3 switch for internal lan and vlans to smoothwall Eventually it will be LAN -> PFSENSE Router -> Smoothwall -> PFSENSE Firewall 
- 
 WAN is set to ignore private addresses by default, so it's not going to respond to your Smoothwall unless you uncheck that via (Interfaces - WAN). Are you using pfSense as a router only (firewall disabled) or is the firewall still active? To get access to your DC, you could add a WAN rule that allows the Smoothwall to have full access to the DC. 
- 
 Yes the firewall is still active but I have rules to allow all traffic (IPV4* LAN/WAN/VLAN * * * *) on each interface What would the rule look like ? And would it be easier to disable the firewall ? Thanks for the help 
- 
 What would the rule look like ? It would look like a Pass rule with your Smoothwall as the Source and the DC as the Destination. Ports depend on your Windows Server version, but likely 49152-65535 if you want to limit access to just domain services. And would it be easier to disable the firewall ? It's certainly easy, but I don't know how it would perform for you. Try it. System - Advanced - Firewall/NAT - Disable firewall. 
- 
 Thanks, I'll give it a go - nearly there it's just this last hurdle :) 
- 
 I removed the firewall role and still nothing, I can ping the DC from the LAN interface but I can't from the WAN interface (full packet loss) I must be missing something somewhere! seems I was, seeing as this is in a non production environment I needed to add the gateway to the DCs (had to slap myself there…) 
- 
 Maybe post screencaps of your interface details. 
- 
 I know I started another thread but, I recreated the box and kept it simple as possible 
- 
 I see John's made more progress so I'll abandon this thread. 
