Netgate Discussion Forum

    Trying to Route from WAN to LAN

      DeMiNe0

      I have a pfSense setup on my local network. Its WAN interface has an IP on my work network, with a LAN interface going to a switch on a segregated lab network. The LAN interface has several vlans assigned to it. Routing within the LAN networks works fine, but I'm trying to route traffic from the WAN network into one of the vlans called MGT1 (10.222.200.0/24) on the LAN network without using NAT. I have a laptop that's trying to connect to the management IP/port of my firewall. I added a static route on my laptop for the network I'm trying to reach, with the WAN IP address of the pfSense as the gateway. I also added the firewall rules to allow traffic from my WAN to LAN. I can't seem to get any pings through, and traceroute doesn't look right to me.

      I haven't done anything with NAT, because I don't think I need to. I may be wrong in thinking that though. Do I need to turn NAT off for pfSense to route from WAN to LAN? I've tried with it both off and on, but no change in behavior occurs.

      Interfaces:




      Aliases:

      pfsense routing table:

      Firewall Rules:

      Logging is turned on for the above firewall rule, but nothing of value is being logged for traffic on that rule:

      This was a packet capture attempted while doing a ping from a laptop on the WAN network, also shows the IP information from that laptop:

      The routing table of that laptop, and some diagnostic info; Ping and Tracert:
      http://pastebin.com/gaKfAjA8

      Considering the tracert doesn't even attempt to hop to 172.16.7.90, I would assume it was a routing problem, but I have a route in the routing table.

      I'm pretty stumped. Any ideas?

        firewalluser

        @DeMiNe0:

        but I'm trying to route traffic from the WAN network into one of the vlans called MGT1(10.222.200.0/24) on the LAN network without using NAT

        So you are trying to access one of the many private IP addresses assigned for private LANs from the WAN/internet, or are you, say, mapping fixed IPs assigned to you to your devices on the MGT1 vlan?

        If the former, what does your traceroute show you?

        https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

        Maybe you could create a VPN to connect to the MGT1 vlan as a workaround if you don't have a private fixed IP to assign to the devices on MGT1?

        Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

          DeMiNe0

          No, the WAN in this case is just another private network that my laptop that I'm using for testing resides on. The private IP space from the WAN is valid in this case. I'm simply trying to use pfSense as a router to route the traffic coming from my 172.16.6.0/23 network (the WAN) to my isolated MGT1 10.222.200.0/24 network. I don't want to disable natting and SPF except as a last resort.
