Netgate Discussion Forum

    2 PfSense Use source IP client when routing between the 2 PfSense

    Routing and Multi WAN
    6 Posts 2 Posters 1.2k Views
    • fwj

      Hi!  ;D

      I'm new here so I hope I'm in the right forum, thanks in advance for your help.

      I've got 2 pfSense VMs, each box has multiple interfaces/subnets and the 2 pfSense are connected with 1 network.
      The idea behind it is to simulate 2 data centres (let's call them DC 1 and DC 2), each has its own pfSense, and with this design I can simulate a split brain scenario by stopping the traffic between the 2 pfSenses.

      To route the traffic between the 2 virtual DC/pfSense, I have set up a default gateway (routing>gateway) using the other pfSense gateway and vice versa.
      Cross traffic works fine, everything is perfect except that when the traffic from DC A accesses DC B, the gateway from DC B is used to communicate to the devices in DC B (it is the same issue for traffic from DC B).

      I've got an application that can't work because the IP associated to my device is the upstream gateway … Is there any chance to keep the client source IP instead of the upstream gateway? If I can simulate my split brain without using 2 pfsenses or with a different configuration, it is fine!

      I hope I make sense, thanks!
      J

      • adi.nugraha

        Please CMIIW,

        I'm assuming you're still running the default setting and the 2 pfSense are connected through a WAN interface, but you want the client on either side of the pfSense to connect using their own IP?

        In that case you can try disabling NAT on the WAN; by default pfSense will NAT all traffic through the WAN interface.

        • fwj

          Hi, thanks for helping.

          No, the 2 pfSense are connected through a dedicated LAN interface, not NAT; see the attached schema.
          The traffic from subnet 100 will use GW 172.21.1.251 to access subnet 200, normal. The problem is the device from subnet 200 will see the traffic coming from 172.21.1.251 (and that causes an issue in my application, Citrix) instead of the client IP from subnet 100 (e.g. 192.168.100.1).

          Cheers,
          J

          ![PfSense Lab Issue.jpg](/public/imported_attachments/1/PfSense Lab Issue.jpg)

          • adi.nugraha

            Did you try disabling automatic NAT? I just had an issue where static routing isn't being used because a gateway was set in the WAN interface, and my observations show that automatic NAT in pfSense assigns NAT rules to interfaces with a gateway assigned to them.

            • fwj

              Thanks! No, I didn't, I'll give it a try on Monday.

              Cheers,
              J

              • fwj

                So the problem was the automatic rules created for NAT; once disabled, it works!

                Thanks m8!  ;)

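A way to check the fix reported in the last post, as an added example that is not part of the thread: the script lists pf NAT rules that still rewrite source addresses on the interface linking the two firewalls. The interface names (`em0`, `em2`), the function names and the sample rules are assumptions constructed for illustration; on the firewall the input would come from `pfctl -s nat`.

```shell
#!/bin/sh
# Added example: find pf NAT rules that still rewrite source addresses on the
# interface linking the two firewalls. Interface names and rules are constructed.

# Constructed sample in the style of `pfctl -s nat` output (em0 = WAN, em2 = link).
SAMPLE_RULES='nat on em0 inet from 192.168.100.0/24 to any -> 203.0.113.10 port 1024:65535
nat on em2 inet from 192.168.100.0/24 to any port = isakmp -> 172.21.1.251 static-port
nat on em2 inet from 192.168.100.0/24 to any -> 172.21.1.251 port 1024:65535
no nat on em2 inet from 192.168.100.0/24 to 192.168.200.0/24'

# find_nat_on_if IFACE: read rules on stdin, print the "nat on IFACE" rules.
find_nat_on_if() {
    awk -v ifc="$1" '
        # "no nat" rules exempt traffic from translation, so they are skipped
        $1 == "no" { next }
        $1 == "nat" && $2 == "on" && $3 == ifc { print }
    '
}

# translated_to IFACE: print the distinct addresses that sources are rewritten to.
translated_to() {
    find_nat_on_if "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "->") print $(i + 1) }' |
        sort -u
}

# report IFACE: return 0 when no rule translates on IFACE, 1 otherwise.
report() {
    rules=$(find_nat_on_if "$1")
    if [ -z "$rules" ]; then
        echo "OK: no source NAT on $1, client IPs are preserved"
        return 0
    fi
    echo "Source NAT still active on $1:"
    echo "$rules"
    return 1
}

# Demo run over the constructed sample; em2 is reported as still translating.
printf '%s\n' "$SAMPLE_RULES" | report em2 || true
```

On the firewall itself, pipe the live ruleset in place of the sample: `pfctl -s nat | report <link interface>`.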
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.