Netgate Discussion Forum

    Can't access IP addresses behind a router downstream from PFSense LAN network.

    Routing and Multi WAN
    • dmjar

      I have been having issues reaching devices behind the router downstream from the LAN on the PFSense box.

      I can reach the Router (Gateway on 192.168.2.1) on this diagram but as this is directly connected to the LAN port of the PFSense box this appears in the Route table of the PFSense box directly.

      However anything on the Network (192.168.2.0/24) apart from the router is unreachable from the PFSense box and anything else on the PFSense LAN (e.g. Network Device A cannot reach Network Device B).

      I am assuming it is a Routing issue however I have tried adding the downstream router as a gateway and creating a static route for both the whole 192.168.2.0/24 range and alternatively just the 192.168.2.200/32 range in this example.

      Has anyone got any ideas?

      P.S. All the IPs have been changed for this example so I may have made a mistake in the diagram so apologies if so.

      Dan

      • viragomann

        You will need a static route for LAN2 pointing to 192.168.2.1 on each single device in LAN1 to get it to work.

        • johnpoz LAYER 8 Global Moderator

          you have devices on this 192.168.1/24 network that need to talk to 192.168.2 devices?

          Then you need to connect the downstream router via a transit network… or you have asymmetrical routing.. And yeah problem.. Or you could do as viragomann suggests and put host routing on every device on 192.168.1/24 network..

          Just connect your downstream via a transit and all your problems go away.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11
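
The asymmetric routing described in the reply above, as an added example that is not part of the original thread: it walks the routing tables hop by hop and shows that with the downstream router sitting on LAN1 the reply path skips pfSense, while a transit network keeps both directions on the firewall. The LAN1 host 192.168.1.10, the router uplink 192.168.1.2 and the transit network 10.0.0.0/30 are constructed assumptions; only 192.168.1/24, 192.168.2.1 and 192.168.2.200 appear in the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: gateway IP, or None if dst is directly connected."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes]
    return max((h for h in hits if dst in h[0]), key=lambda h: h[0].prefixlen)[1]

def path(tables, owner, src, dst):
    """Devices that forward a packet from node `src` to address `dst`, in order."""
    hops, node = [], src
    while (gw := next_hop(tables[node], dst)) is not None:
        node = owner[gw]              # device that holds the gateway address
        hops.append(node)
    return hops

def build(transit):
    """Constructed topology. transit=False: downstream router plugged into LAN1.
    transit=True: router reached over its own 10.0.0.0/30 link (assumed range)."""
    up, down = ("10.0.0.1", "10.0.0.2") if transit else ("192.168.1.1", "192.168.1.2")
    link = "10.0.0.0/30" if transit else "192.168.1.0/24"
    tables = {
        # A = host on LAN1 (192.168.1.10), C = host on LAN2 (192.168.2.200)
        "A": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
        "C": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")],
        # pfSense carries the static route for LAN2 via the downstream router
        "pfsense": [("192.168.1.0/24", None), (link, None), ("192.168.2.0/24", down)],
        "router": [(link, None), ("192.168.2.0/24", None), ("0.0.0.0/0", up)],
    }
    owner = {"192.168.1.1": "pfsense", up: "pfsense",
             down: "router", "192.168.2.1": "router"}
    return tables, owner

def firewall_sees_both_directions(transit):
    """True when pfSense forwards the request and the reply, so its state table
    matches; False means the reply bypasses it (asymmetric routing)."""
    tables, owner = build(transit)
    out = path(tables, owner, "A", "192.168.2.200")
    back = path(tables, owner, "C", "192.168.1.10")
    return "pfsense" in out and "pfsense" in back

if __name__ == "__main__":
    for transit in (False, True):
        tables, owner = build(transit)
        print("transit" if transit else "shared LAN",
              "| A->C:", path(tables, owner, "A", "192.168.2.200"),
              "| C->A:", path(tables, owner, "C", "192.168.1.10"),
              "| symmetric:", firewall_sees_both_directions(transit))
```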

          • dmjar

            Hi thanks for the replies so far.

            I don't necessarily need devices in LAN1 to communicate with LAN2 that was purely for diagnostic purposes.

            Effectively the main issue is getting the traffic from a port forward (incoming from WAN) to actually go further than the PFSense box as currently it is not hitting the device in LAN2.

            It doesn't seem to be a FW rules issue so that's why I swapped to checking connectivity between the PFSense box and the devices on the LAN2 wasn't there.

            There is a port forward active on the downstream router too but in the logs nothing is incoming from PFSense box to the downstream router. It seems like the PFSense box doesn't know where to send the traffic or similar.

            • viragomann

              @dmjar:

              Effectively the main issue is getting the traffic from a port forward (incoming from WAN) to actually go further than the PFSense box as currently it is not hitting the device in LAN2.

              So this should be the solution for that already:
              @dmjar:

              I am assuming it is a Routing issue however I have tried adding the downstream router as a gateway and creating a static route for both the whole 192.168.2.0/24 range and alternatively just the 192.168.2.200/32 range in this example.

              Maybe you have done something wrong?
