Netgate Discussion Forum

    Lan client is not outgoing through WAN IP

    • johnnysoux

      Hi all,

      I'm new to this community. I'm trying pfSense on a virtual machine on Proxmox 4.3.1.

      It has 3 cards:

      WAN -> 10.3.5.90/24 with 10.3.5.1 as the default gateway ->  this is a DMZ network
      LAN -> 192.168.90.1/24 -> this is the network for clients
      OPT -> 192.168.3.90/24 ->  this is the routers network

      Clients have internet, but they are going out from a LAN IP and I can't manipulate their bandwidth with traffic shaping on the border router with local IPs. It's really annoying.

      For example, if I run a speedtest, I see (with IPTRAF) the local IP (192.168.90.100) on the DMZ interface instead of the WAN IP (10.3.5.90).

      I leave you 2 screenshots, one with the NAT outbound configuration and the other with the IPTRAF traffic showing the issue. You will see the LAN IP making some traffic (192.168.90.100) and another router making traffic with the IP 10.3.5.120; this is what I want. The 10.3.5.120 is an Untangle router running on a virtual machine, the same scenario as pfSense.

      I will appreciate your help.

      Thanks!  :)

      iptraf-dmz.png
      ![Firewall NAT Outbound.png](/public/imported_attachments/1/Firewall NAT Outbound.png)

      • Alex Atkin UK

        What is RED3 and why do the rules suggest it has the same network as LAN?

        What are the firewall rules for the actual interfaces?

        • johnnysoux

          @Alex:

          What is RED3 and why do the rules suggest it has the same network as LAN?

          What are the firewall rules for the actual interfaces?

          RED3 is the OPT1 card, used to make "transparency" between 192.168.90.0 and 192.168.3.0; it is only a "foot" of the network 192.168.3.0 in this router.

          These outbound rules were created automatically when I created the OPT interface.

          I have deactivated the NAT rules to see what happens and nothing changed; I was able to navigate and the local IP still appears in IPTRAF.

          I attach the images of the rules and gateways.

          ![System Routing Gateways.png](/public/imported_attachments/1/System Routing Gateways.png)
          ![Firewall Rules LAN.png](/public/imported_attachments/1/Firewall Rules LAN.png)
          ![Firewall Rules RED3.png](/public/imported_attachments/1/Firewall Rules RED3.png)
          ![Firewall Rules WAN.png](/public/imported_attachments/1/Firewall Rules WAN.png)

          • justblackcoffee

            Your Default GW is WAN.

            Try switching the gateway under the advanced button in a rule to move traffic from A > B over Gateway: Red3. If it's sitting at default then I think it's just going to push everything over that, unless you set the RED3 as default so you would only have to change the routing rule for machines that actually need to traverse the WAN GW.
