PfSense as WAN router
-
Hi everyone,
I have the following interface setup on my pfSense:
WAN: 212.112.137.132/25 + Virtual IP 185.156.96.4/24
LAN: 172.16.0.1/12 (NAT to WAN)
Customer1 (VLAN): 185.156.99.1/24
Customer2 (VLAN): 185.156.97.1/29
Customer3 (VLAN): 185.156.97.9/29
Customer4 (VLAN): 185.156.97.17/29
More customer VLANs will come.
When I connect a computer to any of the customer interfaces and assign an IP address (e.g. 185.156.97.2/29), I can't access the internet.
I can ping the following addresses:
- 185.156.99.1
- 185.156.97.1
- 185.156.97.9
- 185.156.97.17
- 185.156.96.4
- 212.112.137.132
- 172.16.0.1 (should not be possible)
As you can see, disabling NAT completely is not an option; then the LAN network will not work.
I tried using physical interfaces in the pfSense box instead, and then bridging the WAN and the Customer interface. That works.
When I do bridging with the VLAN interface, it doesn't work. Then I can ping the pfSense box sometimes and sometimes not. (Packet loss around 90%)
I also tried creating an outbound NAT rule for the customer interfaces with "Do not NAT"; it still doesn't work.
I want pfSense to act like a "mini-isp router".
Is there any way I can accomplish that?
-
Are you able to ping from those interfaces towards the web? (You can use Diagnostics -> Ping to select the individual interfaces.)
-
Are you able to ping from those interfaces towards the web? (You can use Diagnostics -> Ping to select the individual interfaces.)
No, I'm not able to ping anything other than what I wrote above, unfortunately.
But I can ping 172.16.0.1, and that should not be possible. But I can reject access to RFC 1918 networks on the interfaces. Then that problem is solved.