LAN to WAN Internet Traffic Setup

  • I am attempting to set up a PFSense Firewall to sit between my private network and the world in AWS and act as a firewall/forward proxy. I set the box up with 2 interfaces, WAN (on with a gateway of on a /20 network) and LAN (on on a /20 network, set none on the upstream gateway). Initially, I set up the box without the squid proxy just to make sure I had connectivity between the LAN and WAN. I forwarded the traffic to the LAN but it would not talk to the WAN interface.

    The next stuff I did, made the traffic be able to talk to the internet and go back to the box, but I know it is not the correct way to do it.

    -Created the WAN gateway
    -Created the LAN gateway
    -Created firewall rules to allow any traffic to the LAN interface.
    -Created firewall rule to allow traffic from LAN to WAN
    -Created NAT to nat traffic coming from to the WAN interface.
    -Set the Pure NAT option in the advanced settings.
    -Set the reflection option in the NAT settings.

    (this is eventually what made the traffic flow, but is wrong)
    -Set route for to the Wan Interface
    -Set route for to the Wan interface
    -Set route for to the LAN interface
    -Set route for to the LAN interface (IP address space of the computer I'm testing with)

    The AWS space has a CIDR of so all but the DMZ subnet ( will point to PFSense for connectivity to the Outside.

    My question: What is the correct way to set my box up for what I am trying to accomplish? The default setup is not working for me and I don't know what it is I need to add. I'm also wondering why the stuff coming in to the LAN interface isn't picking up on the default route in PFSense. The biggest thing I have a problem with is that pseudo default route I put in.

    Any help is appreciated

Log in to reply