1 pfSense + router works, 2 pfSense doesn't
-
Greetings,
I am working on an implementation similar to the second diagram in this post: https://forum.netgate.com/topic/153509/slicing-my-pfsense-in-a-router-for-wans-connections-and-a-firewall-for-lans-networks
I am using a pfSense box for internal routing between three networks used to isolate different types of traffic. The "WAN" connection from this box currently connects to a Netgear router which faces my ISP. I have static routes set up in the Netgear and the pfSense box, and the only NAT applied is by the Netgear at the ISP boundary.
All is working well, but I want to replace the Netgear with a second pfSense box to allow dual-WAN failover. Although I know I could do everything in one box, I have spare hardware with which to build a second pfSense box. I've configured a second box, and configured both boxes to share internal routes with RIP.
When I replace the Netgear with the second pfSense box, the devices behind the first pfSense box can no longer reach the Internet. I've checked the route tables in both boxes and all is as expected -- the internal routes are being propagated to the second box. I can use a computer connected to one of the inside networks to access the web configurators on both pfSense boxes. Running Wireshark on that inside machine shows TCP/443 SYN packets intended for external hosts going out, but no ACKs coming back.
I can swap the Netgear back into place without changing anything on the inside pfSense box and all returns to normal. I was thinking that I needed to create manual NAT rules on the outside box to handle the traffic coming from all of the interior networks but doing so didn't fix the problem.
I know I'm missing something simple on the second (outside) pfSense box, but I've been through the NAT and routing help pages and nothing is jumping out at me. What am I missing in the second/outside box's configuration?
Thanks!
-
RIP? Really? You have needs for a dynamic internal routing protocol?
Apart from that, smells like NAT configuration and/or routing on the second box.
Post a network diagram with subnet IPs and your routing and NAT settings.
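Added example, not part of the thread and not pfSense code: a small Python model of the two-box topology that traces one outbound SYN and its reply through the outside box, so you can see which of the two suspects named above (return routing or outbound NAT scope) produces exactly the symptom in the first post, SYNs leaving and nothing coming back. Every address in it is constructed (RFC1918 and documentation ranges) since the post gives no subnets; the transit link, the inside box's transit address and the ISP gateway are assumptions for illustration only.

```python
"""Trace a TCP SYN and its SYN-ACK through a second, Internet-facing pfSense box.

Added example; the topology and all addresses are constructed, not from the post.
"""
import ipaddress

# Constructed topology (assumed): three isolated networks behind the inside box,
# a transit link between the two boxes, and the outside box's WAN towards the ISP.
INSIDE_NETS = ["10.10.0.0/24", "10.20.0.0/24", "10.30.0.0/24"]
TRANSIT_NET = "192.168.100.0/24"          # inside box "WAN" <-> outside box LAN
INSIDE_BOX_TRANSIT_IP = "192.168.100.2"   # next hop back into the inside networks
ISP_GATEWAY = "203.0.113.1"
OUTSIDE_WAN_IP = "203.0.113.10"


def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def nat_source(nat_rules, src):
    """Translated source address if an outbound NAT rule covers src, else None."""
    src = ipaddress.ip_address(src)
    for prefix, translated in nat_rules:
        if src in ipaddress.ip_network(prefix):
            return translated
    return None


def trace_flow(outside_routes, outside_nat, client_ip, dst_ip="198.51.100.80"):
    """Return 'ok' or a string naming the first point at which the flow dies.

    The inside box is taken as correct (the post says it works with the Netgear),
    so only the outside box's routing table and outbound NAT rules are modelled.
    """
    # 1. Forward direction: the outside box must send the SYN to the ISP.
    if lookup(outside_routes, dst_ip) != ISP_GATEWAY:
        return "forward: outside box has no Internet route for %s" % dst_ip
    # 2. Outbound NAT: a SYN that leaves with an RFC1918 source never gets a reply.
    if nat_source(outside_nat, client_ip) is None:
        return "nat: outbound NAT does not cover %s; SYN leaves with private source" % client_ip
    # 3. Return direction: pf state un-NATs the SYN-ACK back to client_ip, and the
    #    outside box now needs a route for that address pointing at the inside box.
    reply_nh = lookup(outside_routes, client_ip)
    if reply_nh is None:
        return "return: no route to %s, reply dropped" % client_ip
    if reply_nh == ISP_GATEWAY:
        return "return: %s matches only the default route; reply sent back out WAN" % client_ip
    if reply_nh not in (INSIDE_BOX_TRANSIT_IP, "direct"):
        return "return: reply for %s sent to %s, not the inside box" % (client_ip, reply_nh)
    return "ok"


# Outside box as a fresh install: default route plus its own LAN, NAT for its LAN only.
DEFAULT_ROUTE = ("0.0.0.0/0", ISP_GATEWAY)
FRESH_ROUTES = [DEFAULT_ROUTE, (TRANSIT_NET, "direct")]
FRESH_NAT = [(TRANSIT_NET, OUTSIDE_WAN_IP)]

# What the box needs in addition: a route back to every inside network via the
# inside box, and outbound NAT rules whose source covers those networks too.
RETURN_ROUTES = [(net, INSIDE_BOX_TRANSIT_IP) for net in INSIDE_NETS]
ROUTED_ROUTES = FRESH_ROUTES + RETURN_ROUTES
WORKING_NAT = FRESH_NAT + [(net, OUTSIDE_WAN_IP) for net in INSIDE_NETS]


def diagnose(routes, nat):
    """Trace one client per inside network and report the outcome per network."""
    return {net: trace_flow(routes, nat, str(ipaddress.ip_network(net)[10]))
            for net in INSIDE_NETS}


if __name__ == "__main__":
    for label, routes, nat in [("fresh", FRESH_ROUTES, FRESH_NAT),
                               ("routes only", ROUTED_ROUTES, FRESH_NAT),
                               ("nat only", FRESH_ROUTES, WORKING_NAT),
                               ("both", ROUTED_ROUTES, WORKING_NAT)]:
        print(label)
        for net, result in diagnose(routes, nat).items():
            print("  %-14s %s" % (net, result))
```

The point of the model is that the two misconfigurations look identical from the inside machine's Wireshark (SYN out, nothing back) but fail at different steps, so check both on the outside box: that its routing table has an entry for each interior network with the inside box as next hop, and that its outbound NAT rules match those interior source networks, not just the directly connected transit network.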