Netgate Discussion Forum

    NAT or Rule problem

    Routing and Multi WAN
    • Formator

      Hi all!

      I have the following settings:

      |–-------|- WAN --------------------------------------|--------|--> (External IP 1 (82.192.53.x) via DHCP ISP Cable modem)
      --192.168.3.0/24-- LAN -| pfSense |                                    ______________  | Switch |
                                        |---------|- OPT1 --192.168.1.0/24--| Cisco PIX VPN | --|--------|--> (External IP 2 (82.192.53.x) via DHCP ISP Cable modem)
                                                                                            ----------------
      NAT on pfSense (Outbound)
      Interface   Source           Source Port   Destination   Destination Port   NAT Address   NAT Port   Static Port   Description
      OPT1        192.168.3.0/24   *             *             *                  *             *          NO            PIX
      WAN         192.168.3.0/24   *             *             *                  *             *          NO            Auto created rule for LAN

      Rules on pfSense (LAN)
      Proto   Source    Port   Destination     Port   Gateway   Schedule   Description
      TCP     LAN net   *      193.178.175.1   *      OPT1                 VPN Comp 1
      TCP     LAN net   *      193.178.175.2   *      OPT1                 VPN Comp 2
      *       LAN net   *      *               *      *                    Local LAN

      What I want to achieve with this setting is that some traffic from the LAN going to the 193.178.175.0/30 subnet must go through the OPT1 interface, and all other traffic through WAN to the Internet. On pfSense I have enabled the DHCP server only on LAN.

      I now have the problem that if pfSense boots before the PIX, pfSense receives a DHCP request through the LAN interface from the PIX external interface, and pfSense answers the DHCP request with an internal IP 192.168.3.x. This results in the VPN being down...

      I'm quite sure that I have set something wrong on pfSense, but when I look here for a solution I mostly get the Load Balancer how-to, which I don't want here because I have rule-based routing.

      I will be very thankful for any suggestion about this problem.

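      The following is an added worked example, not code from the post or from pfSense itself. It models the LAN ruleset quoted above as a first-match list (the way pfSense evaluates interface rules, top-down, first match wins) and checks which interface a few constructed flows from a LAN host would leave on. The sample flows, the source host 192.168.3.10 and the INTENDED_RULES list are assumptions made for the illustration; the point it shows is that the two TCP-only host rules leave UDP and ICMP traffic for the VPN hosts falling through to the "Local LAN" rule and therefore out of WAN, even though the stated policy is that everything for 193.178.175.0/30 should use OPT1.

```python
from ipaddress import ip_address, ip_network

# Model of the LAN ruleset quoted in the post (constructed here; these are not
# pfSense's own data structures). pfSense evaluates an interface's rules
# top-down and the first match wins; a gateway of None means "use the system
# routing table", which in this setup is the default route out of WAN.
LAN_NET = ip_network("192.168.3.0/24")
ANY = ip_network("0.0.0.0/0")
VPN_NET = ip_network("193.178.175.0/30")

POSTED_RULES = [
    # (protocol, source, destination, gateway, description)
    ("tcp", LAN_NET, ip_network("193.178.175.1/32"), "OPT1", "VPN Comp 1"),
    ("tcp", LAN_NET, ip_network("193.178.175.2/32"), "OPT1", "VPN Comp 2"),
    ("any", LAN_NET, ANY, None, "Local LAN"),
]

# Assumed ruleset matching what the post says the policy should be:
# all traffic for the /30 via OPT1, everything else via the default route.
INTENDED_RULES = [
    ("any", LAN_NET, VPN_NET, "OPT1", "VPN subnet"),
    ("any", LAN_NET, ANY, None, "Local LAN"),
]


def first_match(rules, proto, src, dst):
    """Return (gateway, description) of the first rule matching the packet,
    or (None, None) when nothing matches (pfSense's implicit default deny)."""
    src, dst = ip_address(src), ip_address(dst)
    for r_proto, r_src, r_dst, gateway, desc in rules:
        if r_proto != "any" and r_proto != proto:
            continue
        if src in r_src and dst in r_dst:
            return gateway, desc
    return None, None


def egress(rules, proto, src, dst):
    """Map a packet to the interface it leaves on: 'OPT1' (policy routed),
    'WAN' (default route) or 'blocked' (no rule matched)."""
    gateway, desc = first_match(rules, proto, src, dst)
    if desc is None:
        return "blocked"
    return gateway if gateway else "WAN"


def policy_gaps(rules, samples, src="192.168.3.10"):
    """List the sample flows destined to the VPN /30 that the ruleset does
    NOT send through OPT1, i.e. where the rules diverge from the stated policy."""
    return [
        (proto, dst) for proto, dst in samples
        if ip_address(dst) in VPN_NET and egress(rules, proto, src, dst) != "OPT1"
    ]


# Constructed sample flows from a LAN host (assumed address 192.168.3.10).
SAMPLES = [
    ("tcp", "193.178.175.1"),   # matches "VPN Comp 1"
    ("udp", "193.178.175.1"),   # UDP is not covered by the TCP-only rule
    ("icmp", "193.178.175.2"),  # a ping to the VPN host falls through to WAN
    ("tcp", "8.8.8.8"),         # ordinary Internet traffic
]

if __name__ == "__main__":
    for proto, dst in SAMPLES:
        posted = egress(POSTED_RULES, proto, "192.168.3.10", dst)
        intended = egress(INTENDED_RULES, proto, "192.168.3.10", dst)
        print(f"{proto:5} -> {dst:15} posted: {posted:8} intended: {intended}")
    print("gaps in posted ruleset:", policy_gaps(POSTED_RULES, SAMPLES))
```

      Running it prints one line per sample flow; the UDP and ICMP flows to the VPN hosts come out as WAN under the posted rules and OPT1 under the intended rules, and policy_gaps lists exactly those two. This does not explain the DHCP symptom in the post, which is a layer-2 question of which segment the PIX outside interface is actually attached to, but it is the check to run before touching the routing rules.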
      • ginosteel

        Can you tell me where 193.178.175.0/30 is, because from your scheme OPT1 has 192.168.1.0/24?

        • Formator

          @ginosteel:

          Can you tell me where 193.178.175.0/30 is, because from your scheme OPT1 has 192.168.1.0/24?

          Thank you for the reply and your time. The 193.178.175.0/30 network is the VPN network on the other side of the VPN tunnel. OPT1 gets its IP from the Cisco PIX and it is in 192.168.1.0/24.

          For better understanding: if I connect the Cisco to a normal computer with only one interface, I get from the Cisco PIX the IP 192.168.1.1 and I can connect only to the 193.178.175.1 and 193.178.175.2 computers on the other side of the Cisco VPN tunnel. But on this normal computer I need Internet too.

          • ginosteel

            As you posted it, it seems that in the LAN rules you only allow:
            TCP   LAN net   *   193.178.175.1   *   OPT1   VPN Comp 1
            TCP   LAN net   *   193.178.175.2   *   OPT1   VPN Comp 2

            Try to add a new rule based on your needs for the third computer.

            • Formator

              @ginosteel:

              As you posted it, it seems that in the LAN rules you only allow:
              TCP   LAN net   *   193.178.175.1   *   OPT1   VPN Comp 1
              TCP   LAN net   *   193.178.175.2   *   OPT1   VPN Comp 2

              Try to add a new rule based on your needs for the third computer.

              There is no third computer on the other side of the VPN, only two exist. My problem is that the Cisco external interface somehow gets an IP from pfSense via the LAN interface and I don't know how this is possible. This mostly happens when I boot pfSense before the Cisco, and when this happens the Cisco of course can't establish the VPN connection. If the boot order is right then everything works OK and any computer behind pfSense (on LAN) has access to the 193.178.175.0 network and the Internet…

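              The symptom described in this thread (a lease from the LAN DHCP server landing on the PIX outside interface) is visible in the DHCP server log before the VPN fails. The following is an added example, not code from the post or from pfSense, that reads ISC dhcpd syslog lines in the format pfSense logs them and flags any DHCPACK sent to a client that is not on an allow-list or on an interface other than the LAN one. The log lines, MAC addresses, hostnames and the interface name em0 (taken to be LAN) are constructed for the illustration; on a real box the allow-list would be filled from the known LAN clients, and a lease to the PIX's outside MAC would show up as an "unknown client on LAN segment" finding, which points at the PIX outside port sharing a broadcast domain with LAN rather than at the firewall rules.

```python
import re

# Constructed sample of pfSense (ISC dhcpd) syslog lines. MAC addresses,
# hostnames and the interface name "em0" (assumed to be LAN) are made up.
SAMPLE_LOG = """\
Jan 12 08:01:03 pfSense dhcpd: DHCPDISCOVER from 00:11:22:aa:bb:01 via em0
Jan 12 08:01:04 pfSense dhcpd: DHCPOFFER on 192.168.3.101 to 00:11:22:aa:bb:01 (desk-1) via em0
Jan 12 08:01:04 pfSense dhcpd: DHCPREQUEST for 192.168.3.101 (192.168.3.1) from 00:11:22:aa:bb:01 (desk-1) via em0
Jan 12 08:01:04 pfSense dhcpd: DHCPACK on 192.168.3.101 to 00:11:22:aa:bb:01 (desk-1) via em0
Jan 12 08:01:30 pfSense dhcpd: DHCPDISCOVER from 00:0a:0b:0c:0d:0e via em0
Jan 12 08:01:31 pfSense dhcpd: DHCPOFFER on 192.168.3.102 to 00:0a:0b:0c:0d:0e via em0
Jan 12 08:01:31 pfSense dhcpd: DHCPACK on 192.168.3.102 to 00:0a:0b:0c:0d:0e via em0
"""

# Allow-list of LAN clients expected to receive a lease (constructed values).
KNOWN_CLIENTS = {"00:11:22:aa:bb:01": "desk-1"}
# Interface the DHCP server is supposed to serve (assumption: em0 is LAN).
LAN_IF = "em0"

# DHCPACK lines look like:
#   DHCPACK on <ip> to <mac> [(<hostname>)] via <interface>
ACK_RE = re.compile(
    r"dhcpd: DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_acks(log_text):
    """Extract (ip, mac, hostname-or-None, interface) from every DHCPACK line.
    Only ACKs count: an OFFER that the client never accepted is not a lease."""
    acks = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:
            acks.append((m["ip"], m["mac"].lower(), m["host"], m["iface"]))
    return acks


def audit_leases(log_text, known=KNOWN_CLIENTS, lan_if=LAN_IF):
    """Return (mac, ip, reason) for every lease that needs attention: a client
    that is not on the allow-list, or an ACK sent on an unexpected interface."""
    findings = []
    for ip, mac, host, iface in parse_acks(log_text):
        if iface != lan_if:
            findings.append((mac, ip, f"lease answered on {iface}, expected {lan_if}"))
        if mac not in known:
            findings.append((mac, ip, "unknown client on LAN segment"))
    return findings


if __name__ == "__main__":
    for mac, ip, reason in audit_leases(SAMPLE_LOG):
        print(f"{mac} got {ip}: {reason}")
```

              With the constructed log the audit reports one finding, the lease of 192.168.3.102 to the unlisted MAC. On pfSense the same check can be fed from the DHCP log view or the dhcpd.leases file; the allow-list approach is deliberately simple so that an unexpected client on the LAN segment (here, a router's outside interface) stands out regardless of what it calls itself.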
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.