Routing WAN to LAN for lab environment
-
Hi all
I'm a complete novice here and know very little about routing / firewall rules. I wanted to set up a lab environment to help learn different technologies. I decided to use VirtualBox and pfSense. I didn't want my lab environment to be on the same network as my home machines, so I configured the pfSense box with 2 NICs, one bridged (WAN) and one internal (LAN).
All lab machines can communicate with each other, have access to the internet and can ping machines on the local network, but machines on my local network can't communicate with those in the lab.
I want my local network (BT Home Hub) to have access to the lab environment. The reason I want to allow this is so my XenServer can access my XenApp environment in the lab. I'm sure this is possible, but I just don't know how to achieve it.
Local Network: 192.168.1.0 /24
WAN interface (pfSense): 192.168.1.75, GW 192.168.1.254
LAN interface (pfSense): 192.168.2.254
Any help would be greatly appreciated.
-
Out of the box, pfSense NATs. So for you to access something behind pfSense, you would have to port forward the ports you want and where you want to send it on your LAN 192.168.2/24 network.
You would then access the pfSense WAN IP on that port, and pfSense would forward that traffic to your VMs behind pfSense on their 192.168.2 IP.
Your other option would be to turn off NAT on pfSense. Now you're just firewalling/routing, so you would just create firewall rules to allow the traffic you want from your local network into your LAN behind pfSense, and the same thing for traffic from your lab into your LAN.
Hope you understand that in your setup your lab out of the box would have full access into your local network, unless you modified the LAN rules on pfSense?
If you disable NAT on pfSense, keep in mind that your actual router/gateway for your local network that gives you access to the internet would have to allow for and NAT your lab network (192.168.2/24). You also run into an asymmetrical routing issue that way. So you're probably better off just keeping NAT and using port forwards into your lab. But if you don't want your lab having access to your local network, you're going to have to adjust the LAN rules in pfSense.
The best solution would be to just replace your actual router with pfSense, so now both your networks are behind pfSense on different segments and you just firewall between them to limit access. This can be done with pfSense on a VM. It is much easier if the VM host pfSense will be put on is dedicated vs. your workstation. But it can be done both ways.
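
The asymmetrical routing issue mentioned in the reply above, worked through as an added example that is not part of the original thread. It assumes NAT is off on pfSense and the home router has a static route for 192.168.2.0/24 via 192.168.1.75; the host 192.168.1.10 and the VM 192.168.2.10 are constructed sample addresses.

```python
import ipaddress

HOME_HOST = "192.168.1.10"   # constructed sample host on the local network
LAB_VM = "192.168.2.10"      # constructed sample VM in the lab
PFSENSE_WAN = "192.168.1.75"

# Per-node routing tables: (prefix, next hop); None means directly connected.
# Assumption: the home router carries a static route to the lab via pfSense.
TABLES = {
    "home_host":   [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.254")],
    "home_router": [("192.168.1.0/24", None), ("192.168.2.0/24", PFSENSE_WAN)],
    "pfsense":     [("192.168.1.0/24", None), ("192.168.2.0/24", None),
                    ("0.0.0.0/0", "192.168.1.254")],
    "lab_vm":      [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.254")],
}
# Which node answers for each address in this model.
OWNER = {HOME_HOST: "home_host", "192.168.1.254": "home_router",
         PFSENSE_WAN: "pfsense", "192.168.2.254": "pfsense", LAB_VM: "lab_vm"}

def next_hop(node, dst):
    """Longest-prefix match; returns the next-hop IP (dst itself if on-link)."""
    ip = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in TABLES[node]]
    matches = [(n, nh) for n, nh in nets if ip in n]
    if not matches:
        raise ValueError(f"{node} has no route to {dst}")
    _, nh = max(matches, key=lambda m: m[0].prefixlen)
    return nh or dst

def path(src, dst):
    """List of nodes a packet from src to dst passes through."""
    node = OWNER[src]
    hops = [node]
    while node != OWNER[dst]:
        node = OWNER[next_hop(node, dst)]
        hops.append(node)
        if len(hops) > 8:
            raise RuntimeError("routing loop")
    return hops

def is_asymmetric(a, b):
    """True when the reply path is not the request path reversed."""
    return path(a, b) != list(reversed(path(b, a)))

if __name__ == "__main__":
    print("routed, request:", path(HOME_HOST, LAB_VM))
    print("routed, reply:  ", path(LAB_VM, HOME_HOST))
    print("asymmetric:", is_asymmetric(HOME_HOST, LAB_VM))
    # With NAT and a port forward the host talks to the pfSense WAN IP on-link.
    print("port forward asymmetric:", is_asymmetric(HOME_HOST, PFSENSE_WAN))
```

In the routed case the request crosses the home router but the reply goes from pfSense straight to the host, so a stateful device on either side sees only half of the connection. With the port forward both directions stay on the local segment.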