Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Static route back to LAN subnets?!

    Routing and Multi WAN
    3
    4
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      m0zeid
      last edited by

      Dear all,

      I've been always a follower to this forum and looking to be an active member here to learn more on pfsense!

      I have this problem.

      My previous setup was like this:

      192.168.1.0 & 192.168.2.0 & 192.168.3.0 …(LAN)--->Mikrotik (NAT)--->DSL modem---> Internet
      No problems at all.

      My setup now:
      192.168.1.0 & 192.168.2.0 & 192.168.3.0 ...(LAN)--->Mikrotik---> pfsense (NAT) --->DSL modem---> Internet

      It's not working, unfortunately and I don't know why!

      It will only work when the subnets are NATed on the mikrotik, yes for sure it will give me internet but i dont want it that way. I don't want to do double NAT!
      the mikrotik router will be used only as a router and L3 switch for internal networking and such.

      the subnet 192.168.1.0/24 for example has the gateway 192.168.1.254 which it is on the mikrotik.
      the mikrotik router then has a last resort route 0.0.0.0/0 to the pfsense. the connection between mikrotik and pfsense are on a separeate subnet 192.168.254.0/30. pfsense: 192.168.254.1  & mikrotik: 192.168.254.2

      the packets from the hosts on subnet 192.168.1.0 will go the gateway 192.168.1.254 (mikrotik interface) and then using the static route 0.0.0.0/0 it will be forwarded to pfsense 192.168.254.1 wich then it will be NATed and then go to the WAN.

      packets needs to go back so I created static routes on the pfsense so it can know how to get to those subnets.
      192.168.1.0 & 192.168.2.0 ... though gateway 192.168.254.2 (mikrotik)

      here it is:
      now I can't ping the internet from the host
      i can't ping the pfsense from the host
      i CAN ping the host from pfsense!!
      i can ping internet from mikrotik and pfsense

      can anybody tell me whats going on? I'm sure it's a problem with routes, but how come pinging the pfsense from the host gives "request timed out" but when pinging host from pfsense it will do it noramlly?!

      from pfsense routes:
      Gateways
      Name Interface Gateway Monitor IP Description
      ToLANSubnets LAN 192.168.254.2 192.168.254.2  
      WAN_PPPOE (default) WAN 17X.XX.X.XX 17X.XX.X.XX Interface WAN_PPPOE Gateway

      from mikrotik:

      can plz anybody give me a hint, it must be something that I'm not noticing!

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Firewall rules on LAN only allowing traffic sourced from LAN net?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M
          m0zeid
          last edited by

          @Derelict:

          Firewall rules on LAN only allowing traffic sourced from LAN net?

          well I didn't create any rules yet, I only have those came by default:

          any suggestions?

          1 Reply Last reply Reply Quote 0
          • T
            tim.mcmanus
            last edited by

            Put the Mikrotik in bridged mode only.  I have one downstream from my pfSense router and it's set up that way and works fine.  pfSense does the DHCP, DNS, NAT, etc.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.