2WAN-2LAN All Wans Have Identical Setup, Lans Identical Setup, ONLY 1 LAN WORKS

  • Hi.

      I have pfSense box set up with 2 WAN and 2 LAN interfaces.

    One node has 2 LAN connection each coming from different LAN interface:
        Lan1 is setup with 192.168.2.xx internal IPs
        Lan2 is setup with 192.168.3.xxx internal IPs

    NAT 1:1 binds public IP xx.xx.xx.165 to
      NAT 1:1 binds public IP xx.xx.xx.197 to

    Firewall rule allows ssh,http to both and

    What works:
      Almost everything:  WAN1, WAN2 have connections ping and can access.

      I can ssh from psSense box to both and  (confirms recipient box is up on both lans).
      but I can only ssh to from outside word and CANNOT CONNECT TO second connection

    Attached are the NAT set up and Firewall Rules I have set. 
    EVEYTHING is good on LAN 1, but when LAN1 is disabled (or without disabling) I cannot access node  connected to LAN2 (it's the same node as LAN1 is connecting without issue)

    I confirmed I can connect to the node from LAN1 and LAN2 from pfSense box itself, but not from behind firewall

  • LAYER 8 Netgate

    Check the firewall. etc on host


    I don't think it's your issue but why not two firewall rules to the SSH systems? Dest any seems lazy and unspecific to me there.

  • Thank you for your reply.

    As you have mentioned, having any for ssh port wasn't the issue.  I have it at any to have ssh port open for all nodes.

    I almost pulled my hairs out!

    This is what I noticed and was the problem:

    Under Firewall/NAT  pfSense automatically generated Mapping rules. 
    All mapping rules were for internal IPs to link to default WAN.  (192.168.2.x -> WAN1 && 192.168.3.x -> WAN1)

    When I manually changed mapping for 192.168.3.x -> WAN2  it fixed it and it works now.

Log in to reply