Netgate Discussion Forum

    WAN to internet and Router behind.

      Luis92

      Hi there guys,

      I have been dealing with this for a few days now and I really hope this can get solved somehow. I would like to kindly ask for any possible help.

      This is my topology. A pfSense box between two routers, but I am unable to ping the WAN interface from the LAN (Debian10).

      This is the topology -

      Topology.png

      These are the rules in the firewall, basically allowing everything for testing.

      WAN rules.png

      OP3 Rules.png

      Also, for this topology to work, I needed to add a default gateway X.X.100.2 to create a static route towards the X.X.90.0 network. Although I know that doing this prevents the ping through the WAN from getting out.

      Gateways.png
      StaticRoute back to .90.png

      With this setup the ping is successful up to the interface in X.X.100.2, but I can't manage for it to go to X.X.20.2.

      Pings from Debian here.
      Pings from debian.png

      If I remove the router R1, connecting the Debian straight to pfSense without any default gateway it works beautifully.

      I have tried creating rules in the NAT, disabling it, making it hybrid and many other configurations to no avail. I left it as default now.

      I have also tried creating default routes in the routers to carry the traffic, but communication between both interfaces in pfSense is simply not happening.

      So the question is: how can I set pfSense between two routers without a default gateway to bring the traffic to the network behind R1? Is this possible?

      Thank you so much in advance.

        viragomann @Luis92

        @Luis92 said in WAN to internet and Router behind.:

        With this setup the ping is successful up to the interface in X.X.100.2 but I can't manage for it to go to X.X.20.2
        Pings from Debian here.

        That screenshot shows a ping to 192.168.100.1, not to .100.2. So the destination is R1, which you get a response from.
        Possibly R1 doesn't pass the traffic to pfSense. What does the routing table of this router look like?

          Luis92 @viragomann

          @viragomann Hi, thank you for answering.

          Yes, you're right, the screenshot doesn't show it, but it was working up to x.x.100.2, sorry about that. Finally I found the problem.

          R1 wasn't passing the traffic on to pfSense properly, only ICMP but no more. I changed the command for the static route from -

          ip route 192.168.20.0 255.255.255.0 g1/0

          To -

          ip route 192.168.20.0 255.255.255.0 192.168.100.2

          And it worked beautifully. I suppose that between routers there is no problem with that command, but pfSense is in a VM and treated as an end device. Not sure, but that's the resolution in case anyone else has the same problem.

          Thank you for your response!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.