
    Simple routing question pfsense in lan as gateway for vlan

    • V
      vlan1
      last edited by vlan1

      I'm trying to set up a mixed setup. I have my ISP upstream router and added a pfsense to my LAN.

      Then I set up a VLAN on the pfsense and added a client 192.168.2.100 to it.

      The VLAN client can access the WAN over my ISP router and also access LAN clients.

      But my LAN clients can't access the VLAN client. I added a static route to my ISP router and set pfsense as gateway, but it seems I'm missing something else? Do I need to NAT?

      Firewall is off for now to debug, but later I will restrict access from LAN to VLAN and vice versa.

      diagramm.png

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        That would be asymmetrical and problematic at best.. If you want a downstream router, then it needs to be connected via a transit network so you're not asymmetrical. I doubt your fritzbox can do that?

        For you to get to stuff behind pfsense doing nat you would need to use port forwarding, and access the wan IP of pfsense from devices in the 192.168.1 network.

        Or you could do host routing, where 192.168.1.15 has a route to 192.168.1.10 to get to 192.168.2/X, if your pfsense is not doing nat. But if it's not doing nat - not sure how your fritzbox would nat anything coming from the 192.168.2 network.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
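
The asymmetry and the host-route option described in the post above, modelled as an added example that is not part of the original thread: it traces request and reply hop by hop with longest-prefix matching and shows that the fritzbox forwards the request but never sees the reply unless the LAN client has its own route to pfsense. Assumptions: /24 masks on both networks, the fritzbox as the LAN default gateway, pfsense routing without NAT, and the node names, which are hypothetical labels.

```python
import ipaddress

# Constructed model of the thread's topology. Addresses 192.168.1.15,
# 192.168.1.10 (pfsense) and 192.168.2.100 come from the posts; the /24
# masks and the fritzbox being the LAN default gateway are assumptions.
HOSTS = {"192.168.1.15": "lan-client", "192.168.2.100": "vlan-client"}

def build_tables(host_route=False):
    """Per-node routing tables as (prefix, next hop); None means on-link."""
    lan_client = [("0.0.0.0/0", "fritzbox"), ("192.168.1.0/24", None)]
    if host_route:  # the host route suggested in the post above
        lan_client.append(("192.168.2.0/24", "pfsense"))
    return {
        "lan-client": lan_client,
        # static route on the ISP router pointing at pfsense
        "fritzbox": [("192.168.1.0/24", None), ("192.168.2.0/24", "pfsense")],
        # pfsense routes between both networks, no NAT in this model
        "pfsense": [("0.0.0.0/0", "fritzbox"), ("192.168.1.0/24", None),
                    ("192.168.2.0/24", None)],
        "vlan-client": [("0.0.0.0/0", "pfsense"), ("192.168.2.0/24", None)],
    }

def lookup(routes, dst_ip):
    """Longest-prefix match, returning the chosen route's next hop."""
    dst = ipaddress.ip_address(dst_ip)
    matching = [r for r in routes if dst in ipaddress.ip_network(r[0])]
    return max(matching, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)[1]

def path(tables, src, dst_ip):
    """List the nodes a packet visits from src until it reaches dst_ip."""
    hops, node = [src], src
    while node != HOSTS[dst_ip]:
        nxt = lookup(tables[node], dst_ip)
        node = HOSTS[dst_ip] if nxt is None else nxt
        hops.append(node)
    return hops

def is_symmetric(tables):
    """True when the reply retraces the request's hops in reverse."""
    out = path(tables, "lan-client", "192.168.2.100")
    back = path(tables, "vlan-client", "192.168.1.15")
    return out == back[::-1]

if __name__ == "__main__":
    for hr in (False, True):
        t = build_tables(hr)
        print("host route:", hr)
        print("  request:", " -> ".join(path(t, "lan-client", "192.168.2.100")))
        print("  reply:  ", " -> ".join(path(t, "vlan-client", "192.168.1.15")))
        print("  symmetric:", is_symmetric(t))
```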

        • V
          vlan1
          last edited by vlan1

          Thanks for your fast reply, so it seems not to be possible.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Just use port forwarding - this works out of the box.. With nothing special to do on anything other than set up the port forward on pfsense.

            • V
              vlan1 @johnpoz
              last edited by vlan1

              That would be a solution for simple things like exposed services (reverse proxy, etc.)

              But I wanted to use pfsense for vlan support and set up multiple vlans that should be able to interact with my lan and vice versa directly. It would not be beneficial to manage port forwarding for this.

              Guess my only option is to use pfsense as main gateway and put the fritzbox behind it.

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                Unless your upstream router supports vlans and can create a transit network, and do nat for downstream networks.. Then yeah.

                No, you cannot do big boy networking with home user toys ;) I do not believe there is even 1 soho router on the market that allows for even basic vlans.. Unless you run 3rd party firmware on it.

                • V
                  vlan1 @johnpoz
                  last edited by

                  Sadly the fritzbox doesn't support vlans nor nat, that's why I set up the pfsense in the first place.

                  I was thinking I could use the pfsense somehow as gateway and thus still keep my wifi on the fritzbox to not spend money on an access point.

                  Anyway thanks for your support.

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Just get an AP and put your whole network behind pfsense.. Real networking costs a few bucks - but you can do it on the cheap..

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.