    Home Lab - No WAN Pass-thru

    • I
      ibby1570
      last edited by

      I am having an issue trying to set up a home test lab. That is the reason why pfSense is not right after the router.

      What I want to do is access from computer a (192.168.1.2) to computer b (192.168.2.2). Computer a and computer b are on different subnets.

      Modem - 192.168.1.1
      WAN - 192.168.1.100 | "Block RFC1918" and "Block bogon" unchecked
      LAN - 192.168.2.1 | "Block RFC1918" and "Block bogon" unchecked

      Firewall Rules:

      192.168.1.2 * 192.168.1.100 * * none - WAN computer a to pfSense web

      works

      192.168.1.2 * 192.168.2.2 * * none - WAN computer a to computer b

      not working

      What I don't understand is I have modeled these rules off of my other pfSense installation (router to pfSense) that do work.

      Thanks

      • I
        ibby1570
        last edited by

        Nobody is able to help?

        • I
          ibby1570
          last edited by

          I found the answer to my own question.

          In case anybody finds this via Google, here is my current setup:

          Internet - router (192.168.1.1) - switch - {pfsense 192.168.1.100} - {computer a (192.168.1.2)} - {computer b (192.168.2.2)}

          {connected to switch}

          computer a  tracert computer b
          1 2m 2m 1 ma router
          request timed out (30x)

          In other words, the router is looking for the IP address 192.168.2.2 outside of the network and not inside.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            So you have computer on pfsense wan, and you want to get to stuff behind pfsense NAT to lan.. Then you would have to port forward.. If you do not want to port forward, and use pfsense as a downstream router/firewall without nat.. Then unless you do host routing on devices on what becomes a transit network you're going to have a bad time with asymmetrical routing.

            To use pfsense as a downstream firewall/router or just router and not nat then pfsense needs to be connected to the upstream router via a transit network that no hosts are on so that you remove asymmetrical routing..

            If you want to do what you're doing with pfsense NATing between wan and its lan which is what it does out of the box.. Then you would setup port forward for what ports you want to hit on 192.168.2.2, and have your 192.168.1.2 computer hit pfsense wan IP at 192.168.1.100:port to get forwarded to 192.168.2.2

            transitnetwork.png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
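
The routing behaviour discussed in this thread, as an added example that is not part of any poster's reply: a small longest-prefix-match walk over the thread's addresses, comparing the forward and return paths between computer a and computer b. It assumes pfSense routes without NAT and its rules permit the traffic, that each host uses the default gateway shown, and the extra static routes (`VIA_PFSENSE`) are hypothetical.

```python
import ipaddress

N = ipaddress.ip_network
# Which device owns each address in the thread's topology.
OWNER = {"192.168.1.1": "router", "192.168.1.100": "pfsense",
         "192.168.2.1": "pfsense", "192.168.1.2": "a", "192.168.2.2": "b"}
# Hypothetical static route: reach the pfSense LAN via the pfSense WAN address.
VIA_PFSENSE = (N("192.168.2.0/24"), "192.168.1.100")

def base_tables():
    # (destination network, next hop); None means on-link, deliver directly.
    # Default gateways are assumptions; the thread does not list them.
    return {
        "a": [(N("192.168.1.0/24"), None), (N("0.0.0.0/0"), "192.168.1.1")],
        "b": [(N("192.168.2.0/24"), None), (N("0.0.0.0/0"), "192.168.2.1")],
        "pfsense": [(N("192.168.1.0/24"), None), (N("192.168.2.0/24"), None),
                    (N("0.0.0.0/0"), "192.168.1.1")],
        "router": [(N("192.168.1.0/24"), None), (N("0.0.0.0/0"), "internet")],
    }

def trace(tables, src, dst):
    """Follow longest-prefix-match decisions from node src to address dst."""
    addr, node, hops = ipaddress.ip_address(dst), src, [src]
    while OWNER.get(dst) != node and len(hops) < 8:
        _, gw = max((r for r in tables[node] if addr in r[0]),
                    key=lambda r: r[0].prefixlen)
        node = OWNER.get(dst if gw is None else gw, "internet")
        hops.append(node)
        if node == "internet":  # left the local networks, nothing answers
            break
    return hops

def scenario(extra=None):
    """Return (forward path, return path, symmetric?) for a <-> b."""
    tables = base_tables()
    for node, route in (extra or []):
        tables[node].append(route)
    fwd = trace(tables, "a", "192.168.2.2")
    back = trace(tables, "b", "192.168.1.2")
    return fwd, back, fwd == back[::-1]

if __name__ == "__main__":
    cases = [("no route to 192.168.2.0/24 (original post)", None),
             ("static route on router", [("router", VIA_PFSENSE)]),
             ("host route on computer a", [("a", VIA_PFSENSE)])]
    for label, extra in cases:
        fwd, back, sym = scenario(extra)
        print(f"{label}: forward={fwd} return={back} symmetric={sym}")
```

Only the host-route case gives the same path in both directions while computer a shares 192.168.1.0/24 with pfSense's WAN; in the static-route case the router sees one direction of the flow only.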
