Netgate Discussion Forum

    How to route to inside lan pfsense

    • oneaway

      Hi everyone.
        My company's network has 2 sites connected by a site-to-site VPN. It uses a Draytek 2910 connecting by VPN to a Draytek 2925, which is OK. The VPN connection is OK via the Internet.
        Draytek 2925 ------------ pfSense 1 ------------ Internal
        Draytek 2910 ------------ pfSense 2 ------------ Internal

        Draytek 2925: WAN: public IP       LAN: 10.0.2.249
        Draytek 2910: WAN: public IP       LAN: 10.0.4.249
        pfSense 1:    WAN: 10.0.2.248      LAN: 10.0.3.249
        pfSense 2:    WAN: 10.0.4.248      LAN: 10.0.5.249

      -  So now, the LAN of pfSense 1 can ping the WAN of pfSense 2 (10.0.4.x), and the Draytek 2910 can't ping the LAN of pfSense 1 (10.0.2.x).
      -  And the Draytek 2925 can't ping pfSense 1. Further, it can't ping the LAN of pfSense 1 (10.0.2.x).

      Can you help me solve this problem? How can the LANs of the 2 sites access each other? Thanks for any comments.

      • johnpoz LAYER 8 Global Moderator

        Why would you not just replace your draytek with pfsense.. What is the point of your double nat setup?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • oneaway

          @johnpoz:

          Why would you not just replace your draytek with pfsense.. What is the point of your double nat setup?

          Thanks for your comment. My system previously used TMG 2010 in the location of pfSense, and I could configure traffic as I wanted. Since I replaced TMG with pfSense, I cannot ping from the WAN network of pfSense 1 to Internal. Can you help me create the rule step by step to do this? Thank you.

          • johnpoz LAYER 8 Global Moderator

            Pfsense is meant to be where your draytek are.. What you're doing if natting is going to be terrible and you would have to port forward to allow traffic. Did you disable natting on your pfsense?

            • oneaway

              @johnpoz:

              Pfsense is meant to be where your draytek are.. What you're doing if natting is going to be terrible and you would have to port forward to allow traffic. Did you disable natting on your pfsense?

              Dear,
              Natting on pfSense is active because I can ping OK from LAN: 10.0.2.249 to the WAN network of pfSense 2: 10.0.5.x. But it can't ping the WAN adapter of pfSense 2, which is 10.0.5.249. I think the problem relates to pfSense 2.
              The WAN network of pfSense 1 can't ping the WAN adapter of pfSense 1. To do this I think I don't need NAT or a route because it is like the same subnet mask.
              I think the steps I need to do are:
              1. Ping OK from the WAN network of pfSense 1 to the WAN adapter of pfSense 1
              2. Ping OK from the WAN network of pfSense 1 to the LAN of pfSense 1
              3. Ping OK from the WAN network of pfSense 2 to the LAN of pfSense 1

              Thanks for your help.
              P.S.: I didn't check System/Advanced/Firewall & NAT "Disable all packet filtering".

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.