PfSense as WAN router



  • Hi everyone,

    I have the following interface setup on my pfSense:
    WAN: 212.112.137.132/25 + Virtual IP 185.156.96.4/24
    LAN: 172.16.0.1/12 (NAT to WAN)
    Customer1 (VLAN): 185.156.99.1/24
    Customer2 (VLAN): 185.156.97.1/29
    Customer3 (VLAN): 185.156.97.9/29
    Customer4 (VLAN): 185.156.97.17/29
    More customer VLANs will come.

    When I connect a computer on any of the customer interfaces and assign an IP address (e.g. 185.156.97.2/29),
    I can't access the internet.

    I can ping the following addresses:
      -  185.156.99.1
      -  185.156.97.1
      -  185.156.97.9
      -  185.156.97.17
      -  185.156.96.4
      -  212.112.137.132
      -  172.16.0.1 (Should not be possible)

    As you can see, disabling NAT completely is not an option, because then the LAN network will not work.

    I tried using physical interfaces in the pfSense box instead, and then bridging the WAN and the Customer interface. That works.
    When I do bridging with the VLAN interface, it doesn't work. Then I can ping the pfSense box sometimes and sometimes not. (Packet loss around 90%)

    I also tried creating an outbound NAT rule for the customer interfaces with "Do not NAT"; it still doesn't work.

    I want pfSense to act like a "mini-isp router".
    Is there any way I can accomplish that?



  • Are you able to ping from those interfaces towards the web? (You can use Diagnostics -> Ping to select the individual interfaces.)



  • @heper:

    Are you able to ping from those interfaces towards the web? (You can use Diagnostics -> Ping to select the individual interfaces.)

    No, I'm not able to ping anything other than what I wrote above, unfortunately.
    But I can ping 172.16.0.1, and that should not be possible. But I can reject access to RFC 1918 networks on the interfaces. Then that problem is solved.

