Can't access IP addresses behind a router downstream from PFSense LAN network.



  • I have been having issues reaching devices behind the router downstream from the LAN on the PFSense box.

    I can reach the Router (Gateway on 192.168.2.1) on this diagram, but as this is directly connected to the LAN port of the PFSense box, this appears in the Route table of the PFSense box directly.

    However, anything on the Network (192.168.2.0/24) apart from the router is unreachable from the PFSense box and anything else on the PFSense LAN (e.g. Network Device A cannot reach Network Device B).

    I am assuming it is a Routing issue; however, I have tried adding the downstream router as a gateway and creating a static route for both the whole 192.168.2.0/24 range and alternatively just the 192.168.2.200/32 range in this example.

    Has anyone got any ideas?

    P.S. All the IPs have been changed for this example, so I may have made a mistake in the diagram; apologies if so.

    Dan



  • You will need a static route for LAN2 pointing to 192.168.2.1 on each single device in LAN1 to get it to work.


  • LAYER 8 Global Moderator

    You have devices on this 192.168.1/24 network that need to talk to 192.168.2 devices?

    Then you need to connect the downstream router via a transit network… or you have asymmetrical routing. And yeah, problem. Or you could do as viragomann suggests and put host routing on every device on the 192.168.1/24 network.

    Just connect your downstream via a transit and all your problems go away.



  • Hi, thanks for the replies so far.

    I don't necessarily need devices in LAN1 to communicate with LAN2; that was purely for diagnostic purposes.

    Effectively the main issue is getting the traffic from a port forward (incoming from WAN) to actually go further than the PFSense box, as currently it is not hitting the device in LAN2.

    It doesn't seem to be a FW rules issue, so that's why I swapped to checking connectivity between the PFSense box and the devices on the LAN2 wasn't there.

    There is a port forward active on the downstream router too, but in the logs nothing is incoming from the PFSense box to the downstream router. It seems like the PFSense box doesn't know where to send the traffic or similar.



  • @dmjar:

    Effectively the main issue is getting the traffic from a port forward (incoming from WAN) to actually go further than the PFSense box, as currently it is not hitting the device in LAN2.

    So this should be the solution for that already:
    @dmjar:

    I am assuming it is a Routing issue; however, I have tried adding the downstream router as a gateway and creating a static route for both the whole 192.168.2.0/24 range and alternatively just the 192.168.2.200/32 range in this example.

    Maybe you have done something wrong?

