AWS-EC2: How to route through pfSense

  • Hi everybody,

    I set up the official pfSense EC2 instance with its WAN interface on, plus Elastic IP. Then I added an adapter with a "private" subnet, Everything works so far, with various VPN configurations, internet access from the pfSense etc.

    Now I added a Debian instance in the private network. It got the IP I want to route the internet traffic of the Debian VM through the pfSense.

    As it is advised by several forum posts, I modified the Route Table which is associated with the private subnet: points to the LAN interface ID of the pfSense.
    An additional route only for my personal WAN IP points to the VPC's Internet Gateway in order to access the Debian machine via SSH.

    I also disabled Source/Destination Checks on the Debian and pfSense LAN interfaces.

    pfSense firewall rules and security groups are configured permissive.

    But I still cannot access the internet from the Debian machine through the pfSense. Only pinging the pfSense LAN IP works - not with the WAN IP (

    It is strange that the "ip route" command on the Debian box shows as the default gateway. I did not modify the routing on the VM itself in any way.
    Why is the wrong IP pushed to the VM when I correctly select the interface ID? The first 3 host addresses are reserved, so I cannot understand this.