PFSENSE as 2nd router, can ping from VLAN to LAN on Router 1?

  • Sorry for my bad English. I want to connect PC from Vlan 40 and 20 to PC1 but Vlan 30 does not? What will I have to do?

  • Obviously the Draytek is the default gateway on PC1.
    Don't get the sense of this setup, but if you want to route packets between PC1 and the VLANs you have to add a route for them to PC1 pointing to pfSense W1 IP. Otherwise packets for the VLAN subnets will be sent to the default gateway and will get dropped there, because of missing routes.

  • Is there like any reason why you can't do this with just one firewall/router? What you now have is an asymmetric setup (assuming you had those correct routes set up at the draytek) where every host in between the draytek and pfSense will be talking to the hosts behind pfSense using different routes. For example PC1 when it wants to talk to VLAN20 will first go through the draytek because it's the default gateway but the replies to that traffic will never reach the draytek because pfSense knows to send those replies back directly to PC1. The proper way for this if you still want to have multiple routers is to use a transfer net between the draytek and pfSense with no hosts on that network.
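
The routing behaviour described in the replies above, modelled as an added example that is not part of any post in this thread: it traces the outbound and return path between PC1 and a VLAN20 host with no extra routes, with a route only on the Draytek, and with a route on PC1. All addresses and node names are constructed assumptions, since the thread gives none.

```python
import ipaddress

# Constructed addressing (not from the thread): LAN 192.168.1.0/24 holds the
# Draytek (.1), pfSense W1 (.2) and PC1 (.10); VLAN20 is 10.0.20.0/24.
LAN, VLAN20 = "192.168.1.0/24", "10.0.20.0/24"
OWNER = {"192.168.1.1": "draytek", "192.168.1.2": "pfsense", "192.168.1.10": "pc1",
         "10.0.20.1": "pfsense", "10.0.20.10": "vlan20-host"}

def tables(pc1_static=False, draytek_static=False):
    """Per-node routes as (prefix, next hop); a next hop of None means on-link."""
    t = {
        "pc1": [(LAN, None), ("0.0.0.0/0", "192.168.1.1")],
        # The Draytek's upstream default is omitted: VLAN traffic sent there is lost.
        "draytek": [(LAN, None)],
        "pfsense": [(LAN, None), (VLAN20, None)],
        "vlan20-host": [(VLAN20, None), ("0.0.0.0/0", "10.0.20.1")],
    }
    if pc1_static:       # route on PC1 pointing at the pfSense W1 address
        t["pc1"].append((VLAN20, "192.168.1.2"))
    if draytek_static:   # route on the Draytek pointing at the pfSense W1 address
        t["draytek"].append((VLAN20, "192.168.1.2"))
    return t

def trace(t, src, dst_ip):
    """Follow longest-prefix-match lookups hop by hop from src to dst_ip."""
    path, node, dst = [src], src, ipaddress.ip_address(dst_ip)
    while node != OWNER[dst_ip]:
        hits = [(ipaddress.ip_network(p), nh) for p, nh in t[node]
                if dst in ipaddress.ip_network(p)]
        if not hits or len(path) > 8:      # no route, or a loop
            return path + ["DROP"]
        _, nh = max(hits, key=lambda h: h[0].prefixlen)
        node = OWNER[nh or dst_ip]         # on-link: deliver straight to the owner
        path.append(node)
    return path

def round_trip(t):
    """Forward path PC1 -> VLAN20 host, return path, and whether they mirror."""
    fwd = trace(t, "pc1", "10.0.20.10")
    ret = trace(t, "vlan20-host", "192.168.1.10")
    return fwd, ret, "DROP" not in fwd and fwd == ret[::-1]

if __name__ == "__main__":
    for name, kw in [("no extra routes", {}), ("route on Draytek only", {"draytek_static": True}),
                     ("route on PC1", {"pc1_static": True})]:
        fwd, ret, symmetric = round_trip(tables(**kw))
        print(f"{name}: out {' > '.join(fwd)} | back {' > '.join(ret)} | symmetric={symmetric}")
```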

