2 pfSense: use the client source IP when routing between the 2 pfSense



  • Hi!  ;D

    I'm new here so I hope I'm in the right forum, thanks in advance for your help.

    I've got 2 pfSense VMs; each box has multiple interfaces/subnets, and the 2 pfSense are connected by 1 network.
    The idea behind it is to simulate 2 data centres (let's call them DC 1 and DC 2), each with its own pfSense; with this design I can simulate a split-brain scenario by stopping the traffic between the 2 pfSenses.

    To route the traffic between the 2 virtual DCs/pfSenses, I have set up a default gateway (Routing > Gateways) using the other pfSense as the gateway, and vice versa.
    Cross traffic works fine; everything is perfect except that when traffic from DC A accesses DC B, the gateway of DC B is used to communicate with the devices in DC B (it is the same issue for traffic from DC B).

    I've got an application that can't work because the IP associated with my device is the upstream gateway … Is there any chance to keep the client source IP instead of the upstream gateway? If I can simulate my split brain without using 2 pfSenses, or with a different configuration, that is fine!

    I hope I make sense, thanks!
    J



  • Please CMIIW,

    I'm assuming you're still running the default settings and the 2 pfSense are connected through a WAN interface, but you want the clients on either side of the pfSense to connect using their own IP?

    In that case, try disabling NAT on the WAN; by default pfSense will NAT all traffic through the WAN interface.



  • Hi, thanks for helping.

    No, the 2 pfSense are connected through a dedicated LAN interface, not NAT; see the attached schema.
    The traffic from subnet 100 will use GW 172.21.1.251 to access subnet 200, which is normal. The problem is that the device on subnet 200 will see the traffic coming from 172.21.1.251 (and that causes an issue in my application, Citrix) instead of the client IP from subnet 100 (e.g. 192.168.100.1).

    Cheers,
    J

    ![PfSense Lab Issue.jpg](/public/imported_attachments/1/PfSense Lab Issue.jpg)



  • Did you try disabling automatic NAT? I just had an issue where static routing wasn't being used because a gateway was set on the WAN interface, and my observations show that automatic NAT in pfSense assigns a NAT rule to interfaces with a gateway assigned to them.



  • Thanks! No, I didn't; I'll give it a try on Monday.

    Cheers,
    J



  • So the problem was the automatic rules created for NAT; once disabled, it works!

    Thanks m8!  ;)
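The mechanism behind the fix above (automatic outbound NAT masquerading on any interface that carries a gateway, so the peer DC sees the firewall's address instead of the client's) can be checked from a configuration dump. The script below is an added example, not pfSense's own code: the config.xml layout it parses (interfaces/<name>/gateway, nat/outbound/mode, nat/outbound/rule with nonat) is an assumption modelled on pfSense's format, and the sample configs are constructed from the lab in the thread.

```python
"""Spot pfSense interfaces whose outbound traffic automatic NAT will masquerade.
Added example, not pfSense's own code. The XML layout is an assumption modelled
on config.xml (interfaces/<name>/gateway, nat/outbound/mode, nat/outbound/rule);
the addresses come from the lab in the thread."""
import xml.etree.ElementTree as ET

# Constructed lab config: LAN is 192.168.100.0/24, OPT1 (172.21.1.251) carries
# the gateway towards the other pfSense, outbound NAT left at its default.
BROKEN_CONFIG = """<pfsense>
  <interfaces>
    <lan><if>vmx1</if><ipaddr>192.168.100.254</ipaddr><subnet>24</subnet></lan>
    <opt1><if>vmx2</if><ipaddr>172.21.1.251</ipaddr><subnet>24</subnet>
      <gateway>GW_DC2</gateway></opt1>
  </interfaces>
  <nat><outbound><mode>automatic</mode></outbound></nat>
</pfsense>"""

# Same lab after the fix: hybrid outbound NAT plus a "do not NAT" rule on OPT1
# for traffic from the local subnet to the peer datacentre's subnet.
FIXED_CONFIG = BROKEN_CONFIG.replace(
    "<mode>automatic</mode>",
    "<mode>hybrid</mode>"
    "<rule><interface>opt1</interface>"
    "<source><network>192.168.100.0/24</network></source>"
    "<destination><network>192.168.200.0/24</network></destination>"
    "<nonat/></rule>",
)

def masquerading_interfaces(config_xml: str) -> list[str]:
    """Return interfaces whose traffic leaves with the firewall's own address.
    Automatic and hybrid outbound NAT add a masquerade rule to every interface
    that has a gateway, which is what hid the client IP in the thread. Manual
    rules marked <nonat/> are applied first and exempt their interface
    (simplified here to per-interface; real rules also match source/dest)."""
    root = ET.fromstring(config_xml)
    mode = root.findtext("nat/outbound/mode", default="automatic")
    rules = root.findall("nat/outbound/rule")
    exempt = {r.findtext("interface") for r in rules if r.find("nonat") is not None}
    explicit = {r.findtext("interface") for r in rules if r.find("nonat") is None}
    if mode == "disabled":
        return []
    if mode == "advanced":  # manual mode: only the explicit NAT rules masquerade
        return sorted(explicit)
    with_gateway = [i.tag for i in root.find("interfaces") if i.findtext("gateway")]
    return sorted(i for i in with_gateway if i not in exempt)
```

On the lab config `masquerading_interfaces(BROKEN_CONFIG)` returns `['opt1']`, the interface that was rewriting the client source IP, while the hybrid config with the no-NAT rule returns `[]`.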