NAT from one pfsense to other in LAN



  • Hi!
    I have a LAN with mask 192.168.1.0/255
    The pfsense1 has IP address 192.168.1.2
    The pfsense2 has IP address 192.168.1.3

    I need to redirect clients in the LAN with IP addresses 192.168.1.100-192.168.1.105 that request port 3128 of pfsense1 (192.168.1.2) to port 3128 of pfsense2 (192.168.1.3).

    So I made the following settings in the Firewall->NAT section:

    When clients request some outbound resource directly through pfsense1 or pfsense2, they receive a response.
    But when clients send requests to pfsense1, with NAT set on it to pfsense2, there is no response. Unfortunately, I can't find any answer to solve the problem in the Firewall or Squid logs.
    May I get any suggestions from more qualified people than I :) ?


  • LAYER 8 Global Moderator

    For what possible reason could you want/need to do this… So your 2nd pfsense is another internet connection?  Why would you not just use policy routing off your 1st pfsense with 2 internet connections to have your list of users use a specific internet.

    Why would you not just point these clients to the proxy running on pfsense 2 directly??

    Like to help but as you have described what you're doing - sounds completely borked..



  • Thanks for your reply. The reason I used two pfsenses with two different WANs comes down to technical possibilities to add one more ethernet adapter for one of pfsenses.
    I used the second pfsense as a backup channel, and such a scheme satisfies my needs.
    But sometimes I need to redirect the group of clients on the fly. And if I used proxy.pac to change the proxy, sometimes the client needs to reload the browser, so this way does not satisfy me.


  • LAYER 8 Global Moderator

    "technical possibilities to add one more ethernet adapter for one of pfsenses. "

    Can you not just share the 1 physical interface of wan interface on pfsense with vlans?

    In your scenario where you port forward like that.. Your client would think it's talking to proxy X at IP X.. But it would get an answer from proxy Y at IP Y.. Most clients would not like that ;)  And would ignore any such reply.
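
The reply mismatch described in the post above, as an added example that is not part of the thread: a small Python model of the port forward on pfsense1 and of how the client matches the answer against the connection it opened. The client port 50000 and all function names are made up for illustration; the source-NAT variant goes beyond what the thread discusses and is shown only for contrast.

```python
from dataclasses import dataclass, replace

PF1, PF2, PORT = "192.168.1.2", "192.168.1.3", 3128  # addresses from the thread
REDIRECTED = range(100, 106)                         # clients .100-.105

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def in_redirect_range(ip):
    prefix, last = ip.rsplit(".", 1)
    return prefix == "192.168.1" and int(last) in REDIRECTED

def pf1_forward(pkt, source_nat):
    """Port forward on pfsense1: rewrite the destination to pfsense2 and,
    optionally, the source to pfsense1. Returns (packet sent on, state)."""
    if not (pkt.dst == PF1 and pkt.dport == PORT and in_redirect_range(pkt.src)):
        return pkt, None                    # not matched: pfsense1 answers itself
    out = replace(pkt, dst=PF2)
    if source_nat:
        out = replace(out, src=PF1)
    return out, pkt                         # state keeps the original tuple

def reply_seen_by_client(syn, source_nat):
    fwd, state = pf1_forward(syn, source_nat)
    # The proxy answers the source address it saw on the incoming packet.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if state is not None and reply.dst == PF1:
        # Reply comes back through pfsense1, which undoes both translations.
        reply = Packet(state.dst, state.dport, state.src, state.sport)
    # Otherwise client and pfsense2 share the subnet: the reply goes straight
    # to the client and never passes pfsense1 again.
    return reply

def client_accepts(syn, reply):
    # A TCP stack only accepts segments matching the 4-tuple it opened.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)

if __name__ == "__main__":
    syn = Packet("192.168.1.101", 50000, PF1, PORT)  # constructed sample
    for snat in (False, True):
        r = reply_seen_by_client(syn, snat)
        print(f"source_nat={snat}: reply from {r.src}, accepted={client_accepts(syn, r)}")
```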



  • If I understand you right, you recommend creating a VLAN between the pfsenses and using one of them (let it be pfsense1) as the WAN connection and the other (pfsense2) as the client.
    Then create a multi-WAN connection on pfsense2 to use wan2 and the VLAN as WAN connections on it.

    wan1->pfsense1
                      |
                    vlan
                      |
    wan2->multiwan->pfsense2->clients

    Am I correct in my opinions?


  • LAYER 8 Global Moderator

    No there is no reason for 2nd pfsense.. Just connect your 2nd wan to the 1st pfsense via a vlan on the wan interface..

