Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing issue

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 897 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z Offline
      zarje
      last edited by

      I'm hoping someone can help me with a routing problem I have.

      My pfsense firewall has 4 interfaces:

      WAN - goes to ISP for internet
      LAN - internal home network
      3rd and 4th interface are configured in a LAG using LACP and have 6 VLANs setup

      From the LAN network I can browse the internet and all works fine. I can also connect to servers from the LAN to any server in any of the VLANs. Routing from the VLANs to the LAN works fine too.

      The problem is that from any of the VLANs I can't browse the internet over the LAG/LACP. When I do a trace route from one of the servers in the VLAN it gets to the default gateway and then times out. When doing a trace route from the firewall using the LAN interface the trace route works correctly but when selecting one of the VLAN interfaces the trace route times out.

      I've had a look at the gateways and routes but I am lost as to why the VLANs won't route to the internet. I have temporary firewall rules allowing all outgoing traffce so I'm 99% sure its a route issue thats causing this.

      Any ideas? Thanks!

      1 Reply Last reply Reply Quote 0
      • H Offline
        heper
        last edited by

        do you have manual outbound NAT enabled ? if yes:  you need to create nat rules

        if no: more info required

        1 Reply Last reply Reply Quote 0
        • Z Offline
          zarje
          last edited by

          THanks for the reply. Yes, it was the outbound NAT rules that I needed to create. Once this was done the internet worked.

          Stupid question but why are these needed when you have firewall rules to allow/deny access? Are the outbound NAT rules another layer of security? I'm just trying to figure out the point they serve….

          1 Reply Last reply Reply Quote 0
          • DerelictD Offline
            Derelict LAYER 8 Netgate
            last edited by

            As traffic is routed out an interface those rules determine how the source IP address and port are mapped.

            There are many uses for them a few:

            Sourcing traffic from a VIP instead of the interface address
            Not performing NAT at all if the inside addresses are routable/public
            Using a pool of source addresses in high-volume environments
            Setting static source ports for services that require it

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.