Traffic not getting through internal firewall to external firewall



  • Using the test port diagnostic on pfsense on my internal firewall I am able to go anywhere on the internet and connect to my edge firewall.

    But when I try to use any of the inside interfaces for the test port, everything times out.
    I've added allow any/any firewall rules and still traffic will not traverse the internal firewall.

    The internal firewall is doing the standard dynamic NAT (as is the edge firewall, double NAT I know) and the edge firewall is set as the gateway on the internal firewall.

    What is wrong here?



  • @erasedhammer You're probably going to have to throw a network diagram up here, with the names, IP addresses and net masks, so we can get a better idea of what's happening. I especially say this because you've got more than 1 router/firewall in/on your network.

    Jeff



  • I don't have any good drawing software at hand; I'll try to draw it out with text.

    DHCP
    |
    EDGEFW
    172.20.5.1/29
    |
    CISCO 3560
    |
    172.20.5.2/29
    INTFW
    10.10.0.1
    |
    END DEVICES

    Any connection works just perfectly if it originated from the WAN interface of the internal firewall.
    But coming from the end devices nothing gets through.
    This internal firewall was working perfectly when connected directly up to the internet, but now that I've moved it back to internal it's just broken...



  • @akuma1x

    From the internal firewall, pfsense itself can check for updates and download/upgrade packages just fine.

    Is there something I need to change with NAT to get this to work? Let me know any more information you need.
    Thanks



  • Figured it out!

    Went back to check the NAT rules and the automatic ones were gone!
    I guess when I change the WAN interface it deletes the automatically generated outbound NAT rules?
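The failure mode found above (internal subnets with no outbound NAT rule on the WAN interface after the interface was changed) can be checked mechanically against a pfSense `config.xml` backup. The script below is an added example, not code from the thread or from the pfSense project. It assumes the `<nat><outbound>` layout of `config.xml` (a `<mode>` element plus `<rule>` elements carrying `<interface>` and `<source><network>`), which is my understanding of the format rather than something the thread states, and the configuration excerpt it parses is constructed to reproduce the symptom: a manual-mode rule that still points at the old interface.

```python
"""Report internal subnets that have no outbound NAT rule on the WAN
interface in a pfSense config.xml.

Added example, not from the original thread.  The <nat><outbound> element
names below are an assumption about pfSense's config.xml layout, and the
sample configuration is constructed for this example.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed excerpt: manual ("advanced") outbound NAT with one rule that
# still references the old interface (opt1) after WAN was reassigned.
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <outbound>
      <mode>advanced</mode>
      <rule>
        <interface>opt1</interface>
        <source><network>10.10.0.0/24</network></source>
        <destination><any/></destination>
      </rule>
    </outbound>
  </nat>
</pfsense>"""


def outbound_rules(config_xml):
    """Return (mode, rules) where each rule is a dict with 'interface' and
    'source' ('any' or a CIDR string)."""
    root = ET.fromstring(config_xml)
    out = root.find("./nat/outbound")
    if out is None:
        # No outbound section at all: pfSense treats this as automatic mode.
        return "automatic", []
    mode = out.findtext("mode", default="automatic")
    rules = []
    for rule in out.findall("rule"):
        if rule.find("source/any") is not None:
            source = "any"
        else:
            source = rule.findtext("source/network")
        rules.append({"interface": rule.findtext("interface"), "source": source})
    return mode, rules


def uncovered_subnets(config_xml, internal_subnets, wan_if="wan"):
    """List internal subnets with no matching outbound NAT rule on wan_if.

    In automatic mode pfSense generates the rules itself, so nothing is
    reported; in hybrid/manual mode each subnet must be covered explicitly.
    """
    mode, rules = outbound_rules(config_xml)
    if mode == "automatic":
        return []
    wan_rules = [r for r in rules if r["interface"] == wan_if]
    missing = []
    for subnet in internal_subnets:
        net = ipaddress.ip_network(subnet, strict=False)
        covered = False
        for r in wan_rules:
            if r["source"] == "any":
                covered = True
                break
            if r["source"] and net.subnet_of(ipaddress.ip_network(r["source"], strict=False)):
                covered = True
                break
        if not covered:
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    lan = ["10.10.0.0/24"]
    print("mode/rules:", outbound_rules(SAMPLE_CONFIG))
    print("subnets without WAN outbound NAT:", uncovered_subnets(SAMPLE_CONFIG, lan))
```

Run it against an exported `config.xml` with your own LAN subnets in place of the constructed list; an empty result in hybrid or manual mode means every internal subnet has an outbound NAT rule on the WAN interface, which is exactly what was missing in this thread.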

