pfsense as router ONLY

  • setup.jpg
    I have the above setup :)

    Basically trying to make pfsense a router, so I disabled packet filter and NAT.
    My goal is to route traffic from to
    So on R1 I create route for and on pfsense I create GW on interface and then create static route for (all pictures are attached)

    When I do Wireshark on the I can see the traffic coming from , but it dies on the way back as there is no reply on . However, I see a packet from to (TTL exceeded in transit), so my guess is there is a loop somewhere.


    Here is my setup on pfsense:

    static route pfsense.png
    no nat.jpg
    What am I missing here?
    BTW, if I replace pfsense with a Cisco virtual router or Arista it works immediately, so the problem is in the pfsense configuration.
    The whole lab is on ESXi 6.5.

  • LAYER 8 Global Moderator

    Why are you creating a gateway to itself?

    The default route will get it back to 192.168.1

    If you were going to create a static route to 192.168.1 then it would point to - not itself.

  • Not sure I follow you here :)

    Default route is on the WAN interface and traffic coming from interface.
    Can you please explain what I need to do here exactly?


  • Now I got it :)

    Thanks for the hint.
    However, if I have 2 routers as failover, one and one , how do I set up the route in pfsense so if went down traffic will go to ?


  • LAYER 8 Global Moderator

    It would never be set up that way... If you had 2 routers upstream you would do it via a CARP or HSRP setup, i.e. HA, and your router would point to the VIP of the HA pair.

    If you had 2 different upstream routes to get to the same place then you would normally set up some sort of automatic route handling so that the route from r1 would fail when you need to use r2. Say BGP or EIGRP, etc.

    Or you could do it with say a failover group on pfsense I guess. But this would seem a bit nuts if you control the upstream router pair.

  • Hmm, another solution: I can point the route to the interface (which I can't in pfsense) and then R1 and R2 use GARP to announce themselves if one of them goes down.
    I tried that with Cisco for example and it worked, but I'm not sure how to do it in pfsense since I can't use an interface as GW instead of an IP.

  • LAYER 8 Global Moderator

  • Thanks for all your help, I have been there and am trying to make it work :)
