LAN client is not going out through WAN IP



  • Hi all,

    I'm new to this community. I'm trying pfSense on a virtual machine on Proxmox 4.3.1.

    It has 3 cards:

    WAN -> 10.3.5.90/24 with 10.3.5.1 as the default gateway ->  this is a DMZ network
    LAN -> 192.168.90.1/24 -> this is the network for clients
    OPT -> 192.168.3.90/24 ->  this is the routers network

    Clients have internet, but they are going out from a LAN IP, and I can't manipulate their bandwidth with traffic shaping on the border router with local IPs. It's really annoying.

    For example, if I run a speedtest, I see (with IPTRAF) the local IP (192.168.90.100) on the DMZ interface instead of the WAN IP (10.3.5.90).

    I leave you 2 screenshots, one with the NAT outbound configuration and the other with the IPTRAF traffic showing the issue. You will see the LAN IP making some traffic (192.168.90.100) and another router making traffic with the IP 10.3.5.120… this is what I want. The 10.3.5.120 is an Untangle router running on a virtual machine, the same scenario as pfSense.

    I will appreciate your help.

    Thanks!  :)


    ![Firewall NAT Outbound.png](/public/imported_attachments/1/Firewall NAT Outbound.png)



  • What is RED3 and why do the rules suggest it has the same network as LAN?

    What are the firewall rules for the actual interfaces?



  • @Alex:

    What is RED3 and why do the rules suggest it has the same network as LAN?

    What are the firewall rules for the actual interfaces?

    RED3 is the OPT1 card, used to make "transparency" between 192.168.90.0 and 192.168.3.0; it is only a "foot" of the network 192.168.3.0 in this router.

    These outbound rules were created automatically when I created the OPT interface.

    I have deactivated the NAT rules to see what happens and nothing changed; I was able to navigate and the local IP still appears in IPTRAF.

    I attach the images of the rules and gateways.

    ![System Routing Gateways.png](/public/imported_attachments/1/System Routing Gateways.png)
    ![Firewall Rules LAN.png](/public/imported_attachments/1/Firewall Rules LAN.png)
    ![Firewall Rules RED3.png](/public/imported_attachments/1/Firewall Rules RED3.png)
    ![Firewall Rules WAN.png](/public/imported_attachments/1/Firewall Rules WAN.png)



  • Your Default GW is WAN.

    Try switching the gateway under the advanced button in a rule to move traffic from A > B over Gateway: Red3. If it's sitting at default then I think it's just going to push everything over that, unless you set the RED3 as default so you would only have to change the routing rule for machines that actually need to traverse the WAN GW.

