Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing between interfaces

    Scheduled Pinned Locked Moved Routing and Multi WAN
    12 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      djm0
      last edited by

      No firewalls in place on connected devices as part of troubleshooting.

      LAN can all ping within LAN

      OPT1 can all ping within OPT1

      Example: 192.168.2.3 can ping 192.168.2.250, 192.168.2.3 can also ping 192.168.4.1 but not 192.168.4.52
      Example 192.168.4.52 (zoneminder) can ping 192.168.4.54 (camera). 192.168.4.52 can also ping 192.168.4.1, 192.168.2.1 but NOT 192.168.2.250

      Windows 192.168.2.250 ICMP 192.168.4.52 -> PFSense 192.168.2.1 -> 192.168.4.1 -> notta.

      I just decided to do a trace route on my windows host. it seems the routes are not working.
      When I attempt to traceroute to 192.168.4.52 it goes out to my internet connection.
      Traceroute 192.168.4.1 and it's instant.

      Okay so why is PFSense redirecting traffic to my WAN for that ip?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Check the netmasks on all your pfSense interfaces. They should probably be /24 and are likely /32.

        Are you using policy routing (Setting gateways on LAN/OPT1 rules)?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • D
          djm0
          last edited by

          Everything is /24 for the full 192.168.2/4.x subnets

          Yes I have the LAN interface set to go through the WAN_DHCP gateway and Guest network to go trough the OVPN Client for it's gateway.

          1 Reply Last reply Reply Quote 0
          • D
            djm0
            last edited by

            Rules:

            Capture.PNG
            Capture.PNG_thumb

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              What you are seeing is normal and expected.

              https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • D
                djm0
                last edited by

                How do I enforce just my guest network uses the OVPN Client gateway without it? When I use default WAN connectivity is gone.

                1 Reply Last reply Reply Quote 0
                • D
                  djm0
                  last edited by

                  What I mean is if I set my outbound rules to default there is no WAN connectivity on the LAN anymore with that PIA rule enabled.

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    You probably need to check "Don't pull routes" on your PIA client.

                    There are probably a thousand threads on this, bro.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • D
                      djm0
                      last edited by

                      Slaps hand on head. Yup. That's it.

                      Thanks so much, honestly I had no idea what to search for to figure out this mess.

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        "PIA"

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.