NAT between two pfsense routers



  • Hi,

    I have configured two pfsense routers in my home and my network looks as below.
    Maybe this is a usual question, but forgive me, I am a novice user.
    Please find the attached network diagram.

    I have a pfsense1 router which is configured to distribute 192.168.89.0/24 address to which another pfsense router with 192.168.90.0/24 has been connected. The pfsense2 WAN port has 192.168.89.18 as the address.

    Also the pfsense1 (192.168.89.0/24) is connected to a Ubiquiti router which has the LAN configuration as 192.168.1.0/24 address. The pfsense1 WAN port has the address 192.168.1.11.

    Also the Ubiquiti router is connected to the internet.

    The laptop which is connected to pfsense2 (192.168.90.12) is able to access the internet and all the machines on the 192.168.89.0 and 192.168.1.0 networks. But none of the machines in the 192.168.89.0 and 192.168.1.0 networks is able to access 192.168.90.12 or any other machine that is connected to pfsense2.

    Do I need to make any changes in pfsense2 and pfsense1 to reach 192.168.90.12 or any other machines connected to pfsense2?

    Please help

    Thanks,
    dseknat


  • Netgate

    They need to know where to send traffic for those destinations. They need routes for 89 and 90 pointing to the right places. And the firewall rules entering the interfaces need to pass the traffic.



  • Do I need to add a router or configuration in the pfsense routers?

    Thanks,
    dseknat



  • Dare I ask why you have this setup?


  • Netgate

    Configuration.


  • Rebel Alliance Global Moderator

    I'm with nycfly here..  Why would you do such a setup?  Ok you want to use pfsense - great, all on board with that.  You want to put it behind a unifi router.. Ok sure.. But why would you want 2 pfsense, when you could just use 1 and put both those networks behind it.

    And unless it's a typo you have your 192.168.89 as a transit with hosts on it - that is borked.. And same goes for your 192.168.1 network.. And why would you nat at all.. If you want to do a downstream router, great.. But why not just let your unifi router nat those to your public?

    So you would end up with something more like this..

    You would then just need a route on your unifi saying hey to get to 192.168.88/22 talk to 172.16.0.2 (pfsense IP in your transit).  Turn off nat in pfsense, and setup unifi to nat your downstream networks.  If you left nat on in pfsense that would work too.. Just if you wanted anything in 192.168.1 to be able to talk to stuff in your 89/90 networks you would have to port forward on pfsense.  But you wouldn't have to do any route commands, etc.

    If you're going to nat at pfsense you could just use your 192.168.1 as your transit..
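The routing fix johnpoz describes (one summary route on the upstream router pointing at the pfsense transit address, with pfsense doing no NAT) comes down to longest-prefix-match lookups on each router in the path. The following is an added illustration, not code from this thread or from pfSense or Ubiquiti: it models the two routing tables with Python's standard ipaddress module and traces a packet from the 192.168.1 network to 192.168.90.12 before and after the 192.168.88.0/22 route is added. The transit /30 (172.16.0.1 on the unifi side, 172.16.0.2 on pfsense) and the sample host addresses are assumed for the example; firewall rules, which Netgate's reply notes must also pass the traffic, are not modelled.

```python
import ipaddress


def lookup(table, dst):
    """Longest-prefix-match lookup over a list of (prefix, next_hop) strings.
    next_hop is an IP, or the marker 'direct' (connected network) or 'isp'
    (default route toward the Internet)."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


# Constructed routing tables (assumed addresses). The unifi router owns 192.168.1.0/24
# and one end of a transit /30; pfsense owns 192.168.89.0/24 and 192.168.90.0/24 and
# does no NAT, so inside addresses stay visible to the upstream router.
UNIFI_BEFORE = [
    ("192.168.1.0/24", "direct"),
    ("172.16.0.0/30", "direct"),
    ("0.0.0.0/0", "isp"),
]
# The single static route from johnpoz's post: 192.168.88.0/22 spans
# 192.168.88.0 - 192.168.91.255, so it covers both the 89 and 90 networks.
UNIFI_AFTER = UNIFI_BEFORE + [("192.168.88.0/22", "172.16.0.2")]
PFSENSE = [
    ("192.168.89.0/24", "direct"),
    ("192.168.90.0/24", "direct"),
    ("172.16.0.0/30", "direct"),
    ("0.0.0.0/0", "172.16.0.1"),
]
# Which router answers on each transit address.
NEIGHBORS = {"172.16.0.1": "unifi", "172.16.0.2": "pfsense"}

TABLES_BEFORE = {"unifi": UNIFI_BEFORE, "pfsense": PFSENSE}
TABLES_AFTER = {"unifi": UNIFI_AFTER, "pfsense": PFSENSE}


def trace(dst, tables, start="unifi", max_hops=8):
    """Follow a packet from router `start` toward dst, one routing decision per hop.
    Returns a list of (router, decision): 'delivered' means dst is on a connected
    network, 'isp' means the packet left for the Internet (lost for a private address)."""
    path, router = [], start
    for _ in range(max_hops):
        hop = lookup(tables[router], dst)
        if hop is None or hop in ("direct", "isp"):
            path.append((router, "no route" if hop is None else
                         "delivered" if hop == "direct" else "isp"))
            return path
        path.append((router, hop))
        router = NEIGHBORS[hop]
    path.append((router, "loop"))
    return path


def home_router(addr, tables):
    """The router that has addr on a directly connected network."""
    for name, table in tables.items():
        if lookup(table, addr) == "direct":
            return name
    raise ValueError(f"{addr} is not on any connected network")


def round_trip(src, dst, tables):
    """True only when both directions end in 'delivered'; a one-way route is the
    classic symptom of a missing static route on the upstream router."""
    fwd = trace(dst, tables, start=home_router(src, tables))
    back = trace(src, tables, start=home_router(dst, tables))
    return fwd[-1][1] == "delivered" and back[-1][1] == "delivered"


if __name__ == "__main__":
    for label, tables in (("before", TABLES_BEFORE), ("after", TABLES_AFTER)):
        print(label, trace("192.168.90.12", tables),
              "round trip:", round_trip("192.168.1.50", "192.168.90.12", tables))
```

Before the route exists, the unifi router's only match for 192.168.90.12 is the default route, so the packet leaves for the ISP and is dropped there; the laptop behind pfsense could still reach 192.168.1 hosts because pfsense's default route already pointed upstream, which is exactly the one-way reachability the original poster saw.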




  • Thanks Johnpoz, whatever you have suggested worked!


  • Rebel Alliance Global Moderator

    Well yeah ;) heheheh

    So you're all sorted?  Any more questions?  Some applauds and thank you's don't hurt my feelings.  I have some dipshit smiting me every time they log in ;)