LAN to WAN Internet Traffic Setup



  • I am attempting to set up a pfSense firewall to sit between my private network and the world in AWS and act as a firewall/forward proxy. I set the box up with two interfaces: WAN (on 10.8.162.6 with a gateway of 10.8.160.1 on a /20 network) and LAN (on 10.8.96.6 on a /20 network, with the upstream gateway set to none). Initially, I set up the box without the Squid proxy just to make sure I had connectivity between the LAN and WAN. I forwarded the traffic to the LAN, but it would not talk to the WAN interface.

    The next things I did made the traffic able to talk to the internet and come back to the box, but I know it is not the correct way to do it.

    -Created the WAN gateway 10.8.160.1
    -Created the LAN gateway 10.8.96.1
    -Created firewall rules to allow any traffic to the LAN interface.
    -Created firewall rule to allow traffic from LAN to WAN
    -Created a NAT rule to NAT traffic coming from 10.0.0.0/8 to the WAN interface.
    -Set the Pure NAT option in the advanced settings.
    -Set the reflection option in the NAT settings.

    (this is eventually what made the traffic flow, but is wrong)
    -Set route for 0.0.0.0/1 to the WAN interface
    -Set route for 128.0.0.0/1 to the WAN interface
    -Set route for 10.8.96.0/20 to the LAN interface
    -Set route for 10.8.128.0/20 to the LAN interface (IP address space of the computer I'm testing with)

    The AWS space has a CIDR of 10.8.0.0/16 so all but the DMZ subnet (10.160.0.0/20) will point to PFSense for connectivity to the Outside.

    My question: What is the correct way to set my box up for what I am trying to accomplish? The default setup is not working for me and I don't know what it is I need to add. I'm also wondering why the stuff coming in to the LAN interface isn't picking up on the default route in PFSense. The biggest thing I have a problem with is that pseudo default route I put in.

    Any help is appreciated
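Added example, not part of the original post: a small longest-prefix-match route lookup plus the outbound NAT decision, run against two routing tables for the pfSense box described above. The addresses (10.8.162.6/20 on WAN, gateway 10.8.160.1, 10.8.96.6/20 on LAN, LAN-side gateway 10.8.96.1, test host in 10.8.128.0/20, NAT source 10.0.0.0/8) are taken from the post; the interface names, the "clean" comparison table with a single default route and a 10.8.0.0/16 summary route back toward the LAN, and the `has_split_default` check are assumptions made for illustration. It shows why the two /1 routes "worked" (a /1 always beats a /0 default on prefix length) and what they cost: any VPC subnet without its own LAN route, for example 10.8.16.0/20, is sent out the WAN and NATed.

```python
"""
Added example (not from the original post): longest-prefix-match route
lookup and outbound NAT decision for the pfSense box in the post above.
Addresses come from the post; interface names, the "clean" table and the
split-default check are assumptions for illustration.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    iface: str                  # assumed interface names: "wan" / "lan"
    gateway: Optional[str]      # None for a directly connected network


def R(prefix: str, iface: str, gateway: Optional[str] = None) -> Route:
    return Route(ipaddress.ip_network(prefix), iface, gateway)


# Addresses from the post.
WAN_ADDR = ipaddress.ip_address("10.8.162.6")   # WAN interface address (/20)
WAN_GW = "10.8.160.1"                            # WAN upstream gateway
LAN_GW = "10.8.96.1"                             # LAN-side gateway the poster created
NAT_SOURCE = ipaddress.ip_network("10.0.0.0/8")  # source range the poster NATs

# Table 1: what the post ends up with. Two /1 routes stand in for a default
# route, plus per-subnet routes toward the LAN side.
HACK_TABLE: List[Route] = [
    R("0.0.0.0/0", "wan", WAN_GW),        # pfSense's own default route
    R("0.0.0.0/1", "wan", WAN_GW),        # "pseudo default", lower half
    R("128.0.0.0/1", "wan", WAN_GW),      # "pseudo default", upper half
    R("10.8.160.0/20", "wan"),            # connected (WAN subnet)
    R("10.8.96.0/20", "lan"),             # connected (LAN subnet)
    R("10.8.128.0/20", "lan", LAN_GW),    # test machine's subnet
]

# Table 2 (assumed, for comparison): one default route out WAN, the two
# connected networks, and a single summary route for the rest of the VPC
# (10.8.0.0/16, per the post) back via the LAN-side gateway.
CLEAN_TABLE: List[Route] = [
    R("0.0.0.0/0", "wan", WAN_GW),
    R("10.8.160.0/20", "wan"),
    R("10.8.96.0/20", "lan"),
    R("10.8.0.0/16", "lan", LAN_GW),
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dst wins."""
    dst_ip = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for route in table:
        if dst_ip in route.prefix and (
            best is None or route.prefix.prefixlen > best.prefix.prefixlen
        ):
            best = route
    return best


def forward(table: List[Route], src: str, dst: str) -> Optional[Tuple[str, Optional[str], str]]:
    """Route a packet, then apply the post's outbound NAT rule.

    Returns (egress interface, next-hop gateway, source address after NAT).
    Traffic from 10.0.0.0/8 leaving via WAN is rewritten to the WAN address;
    traffic sent back toward the LAN keeps its original source.
    """
    route = lookup(table, dst)
    if route is None:
        return None
    src_ip = ipaddress.ip_address(src)
    if route.iface == "wan" and src_ip in NAT_SOURCE:
        src_ip = WAN_ADDR
    return (route.iface, route.gateway, str(src_ip))


def has_split_default(table: List[Route]) -> bool:
    """Assumed sanity check: flag a default route faked with 0.0.0.0/1 + 128.0.0.0/1."""
    prefixes = {str(r.prefix) for r in table}
    return {"0.0.0.0/1", "128.0.0.0/1"} <= prefixes


if __name__ == "__main__":
    for name, table in (("hack", HACK_TABLE), ("clean", CLEAN_TABLE)):
        print(f"[{name}] split default route present: {has_split_default(table)}")
        for src, dst in (("10.8.130.15", "8.8.8.8"),      # test host to internet
                         ("10.8.162.6", "10.8.130.15"),   # reply back to test host
                         ("10.8.162.6", "10.8.16.5")):    # another VPC subnet
            print(f"[{name}] {src} -> {dst}: {forward(table, src, dst)}")
```

The simulation covers only pfSense's own routing and NAT decision. The AWS side (the VPC route tables of the private subnets pointing at the pfSense instance, and the instance's source/destination check, which must be disabled for an EC2 instance to forward traffic it did not originate) is outside it.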

