Netgate Discussion Forum

    Help with Routing Out of a Content Filter on the LAN

      george.94

      I just installed my first pfSense and need some guidance for what is probably a simple issue I'm overlooking. Here's my setup (greatly simplified):

      pfSense system is a physical system with 4 physical interfaces. Each with a vlan:
      em0 - I disabled this WAN port (I just want to use this system as an internal network router).
      em1 - (no IP) - Vlan10 (192.168.10.254/24 - no gateway) (connected to Cisco switch via Trunk port)
      em2 - (no IP) - Vlan20 (192.168.20.254/24 - no gateway) (connected to Cisco switch via Trunk port)
      em3 - (no IP) - Vlan34 (192.168.30.254/24 - no gateway) (connected to Cisco switch via Trunk port)
      Firewall rules for all interfaces are just any/any pass
      Each Vlan interface has a DHCP service applied to it for its network. Each has a gateway of their respective Vlan IP.

      I have a Windows server in the vlan10 network (192.168.10.3)
      I have a Content filter and firewall also in the vlan10 network (192.168.10.1)
      I have a PC connected to the vlan20 network (192.168.20.51 - gateway 192.168.20.254)

      What I want to do is have all internet traffic, regardless of ports or services, routed to my content filter at 192.168.10.1.
      I have disabled the Firewall on the pfSense router by going to System-->Advanced and checking the box to disable it, and have also disabled "Outgoing Nat". I just want the pfSense router to play traffic cop, anything leaving the network will be Nat'd by my content filter-firewall.

      So here's where I'm at:
      -The PC obtained an IP from the pfSense Vlan20 DHCP server.
      -- It can ping the gateway (20.254) and the Windows DNS server (10.3)
      -- The PC cannot get out to the Internet even though it does have proxy settings pointing it at 10.1 content filter

      -From the Windows server, it can ping through all three networks and hosts, and can get to the Internet.

      I think my next step is to run Wireshark on the DNS server to see if the traffic from the PC is getting to the content filter? After that I'm not sure.

      I tried creating a Gateway in the pfSense Routing utility pointing at my Content filter on ip 10.1, but it seems I can only apply that to one interface. I also tried creating a static route for (0.0.0.0/32 to 192.168.10.1) but I still couldn't get the other subnets out.

      Any ideas why the PC can't get to the Internet? Any suggestions are very much appreciated.

        george.94 @george.94

        @george-94 Well, I needed to get this up and running this weekend, so yesterday I failed back to using inter-vlan routing on a L3 Cisco switch, and then using the Windows Server for DHCP, using DHCP policies to assign the right IPs to the right subnet.

        Bummer, I really like what I see in pfSense. I might get back to it again some day.
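
A way to check the routing described in the first post offline, added here as an example and not part of the original posts: a longest-prefix-match lookup over the pfSense routes as posted, compared with a `0.0.0.0/0` default route, plus a return-path lookup on the content filter. The content filter's routing table and the Internet destination `198.51.100.10` are assumptions constructed for the example; the thread does not show them.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop), or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop

# Connected networks on the pfSense box, as listed in the post.
CONNECTED = [
    ("192.168.10.0/24", "connected:vlan10"),
    ("192.168.20.0/24", "connected:vlan20"),
    ("192.168.30.0/24", "connected:vlan34"),
]
FILTER = "192.168.10.1"   # content filter / firewall from the post
PC = "192.168.20.51"      # PC on vlan20 from the post
INTERNET_HOST = "198.51.100.10"  # constructed sample (documentation range)

# The static route exactly as written in the post: a /32 covers one address.
AS_POSTED = CONNECTED + [("0.0.0.0/32", FILTER)]
# A default route uses prefix length 0, which covers every destination.
WITH_DEFAULT = CONNECTED + [("0.0.0.0/0", FILTER)]

# Assumption: the filter knows only its own subnet plus its upstream default.
FILTER_TABLE = [("192.168.10.0/24", "connected"), ("0.0.0.0/0", "upstream")]
# Same table with a return route to vlan20 via the pfSense vlan10 address.
FILTER_WITH_RETURN = FILTER_TABLE + [("192.168.20.0/24", "192.168.10.254")]

def report():
    """Forward lookups on pfSense, then reply lookups on the filter."""
    return {
        "pfsense_as_posted": lookup(AS_POSTED, INTERNET_HOST),
        "pfsense_default": lookup(WITH_DEFAULT, INTERNET_HOST),
        "pc_to_proxy": lookup(AS_POSTED, FILTER),
        "filter_reply": lookup(FILTER_TABLE, PC),
        "filter_reply_with_route": lookup(FILTER_WITH_RETURN, PC),
    }

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:26} -> {result}")
```

With NAT disabled on pfSense the filter sees the PC's real source address, so the last two lookups show where its replies go with and without a route back to 192.168.20.0/24.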

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.