    AWS Q: How do I get EC2 machines in private VPC to use pfSense as gateway?

umuzidan

      Ok here's the setup:
I have a pfSense EC2 instance running with two NICs, one on a public subnet and one on a private subnet.
public subnet: public IP 1.2.3.4 / private IP 172.16.0.5/24
private subnet: private IP 192.168.1.5/24

I can access pfSense at https://1.2.3.4 and can see I have a LAN configured for 192.168.1.5.

      I also have a server on the private LAN with IP 192.168.1.10.

      Question: How can I configure the VPC so the server (.10) can have a default route 0.0.0.0/0 of 192.168.1.5?

Without understanding this, I can't tell how the server (.10) will be NAT'd behind pfSense (1.2.3.4).

Note: I tried to add a default route of 0.0.0.0/0 to the private subnet in AWS VPC with the target set to the network adapter of 192.168.1.5, but it wouldn't allow it.

      I figure there are users here that have an AWS pfSense instance running that have already solved this.

Derelict (LAYER 8, Netgate)

        What do you mean "wouldn't allow?" Please expand. I have done just that many times.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

umuzidan

The method by which I was attempting to configure this was to edit the routing table for the private subnet and essentially enter destination=0.0.0.0/0 and target=192.168.1.5/24 (but instead of entering this, I was presented with the instance ID for the pfSense firewall, which I chose).

          I was presented with the error "There are multiple interfaces attached to instance 'i-xxxxxx'. Please specify an interface ID for the operation instead. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidInstanceID; Request ID: xxxxxxx)"

          Any idea?

Essentially I'm trying to learn how to set up an isolated private network behind a pfSense EC2 instance. In a traditional network, your servers would be configured with pfSense as the default route; however, in AWS I can't figure out that part yet.

Derelict (LAYER 8, Netgate)

            Use the ID of the inside pfSense interface.


umuzidan

              @Derelict:

              Use the ID of the inside pfSense interface.

BINGO! That was it. I had to manually copy the Network Interface ID for the LAN adapter on the pfSense instance and paste it into the target for my new default route for the private subnet (writing it out for others to easily follow what I needed to do to solve this).

              Thanks!

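The fix the thread arrives at, scripted as an added example (not code from the thread or from Netgate): pick the pfSense ENI that sits in the private subnet, because a multi-NIC instance cannot be a route target by instance ID, and build the AWS CLI calls for the default route. The input mirrors the shape of `aws ec2 describe-network-interfaces` output, but every instance, subnet, ENI and route-table ID below is a constructed placeholder. It also emits the `--no-source-dest-check` step, which the thread does not mention but which EC2 requires before an ENI may forward packets on behalf of other hosts such as 192.168.1.10.

```python
"""Added example (not from the thread): choose the pfSense LAN ENI as the
VPC route target.  Input mirrors `aws ec2 describe-network-interfaces`
output; all IDs and addresses below are constructed placeholders."""
import json

# Constructed sample: one pfSense instance with a public and a private ENI.
SAMPLE = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0aaa000000public", "SubnetId": "subnet-0pub0000000000",
  "PrivateIpAddress": "172.16.0.5", "SourceDestCheck": true,
  "Attachment": {"InstanceId": "i-0pfsense00000000"}},
 {"NetworkInterfaceId": "eni-0bbb00000private", "SubnetId": "subnet-0priv000000000",
  "PrivateIpAddress": "192.168.1.5", "SourceDestCheck": true,
  "Attachment": {"InstanceId": "i-0pfsense00000000"}}]}""")


def select_lan_eni(response, instance_id, private_subnet_id):
    """Return the ENI of `instance_id` that sits in the private subnet.

    A route cannot target a multi-NIC instance by instance ID (the
    InvalidInstanceID error in the thread), so the route must name the
    specific LAN interface.  Raises if none or several match."""
    hits = [e for e in response["NetworkInterfaces"]
            if e.get("Attachment", {}).get("InstanceId") == instance_id
            and e["SubnetId"] == private_subnet_id]
    if len(hits) != 1:
        raise ValueError(f"expected one LAN ENI, found {len(hits)}")
    return hits[0]


def route_commands(route_table_id, eni):
    """AWS CLI steps: disable source/dest check (EC2 otherwise drops packets
    the ENI forwards on behalf of other hosts), then add the default route."""
    cmds = []
    if eni["SourceDestCheck"]:
        cmds.append(["aws", "ec2", "modify-network-interface-attribute",
                     "--network-interface-id", eni["NetworkInterfaceId"],
                     "--no-source-dest-check"])
    cmds.append(["aws", "ec2", "create-route", "--route-table-id", route_table_id,
                 "--destination-cidr-block", "0.0.0.0/0",
                 "--network-interface-id", eni["NetworkInterfaceId"]])
    return cmds


if __name__ == "__main__":
    lan = select_lan_eni(SAMPLE, "i-0pfsense00000000", "subnet-0priv000000000")
    for cmd in route_commands("rtb-0private0000000", lan):
        print(" ".join(cmd))
```

In a live account, replace `SAMPLE` with the real `describe-network-interfaces --filters Name=attachment.instance-id,Values=<pfSense instance>` output and confirm the selected ENI's address is the pfSense LAN address before creating the route.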