Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense Can't Pass traffic from its WAN port to host in LAN network

    Scheduled Pinned Locked Moved Firewalling
    3 Posts 2 Posters 595 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      haydar.rezaie
      last edited by

      I have a topology that contains a VPS which is our production server another VPS which is a Pfsense firewall. I have created a local subnet 192.168.102.0/24 and the IP address of my production server is 192.168.102.2/24, the Pfsense has the IP address of 192.168.102.3/24 both have the gateway 192.168.102.1/24.

      I have disabled the WAN NIC of my server and want to route all my traffic through the Pfsense firewall.

      I also do port forwarding for allowing ssh from the internet and also added the rules but it is not working.

      when I put tcpdump on the firewall I see the traffic which reaches LAN but the traffic does not reach my production server.

      I also have the same issue when I tested the IPsec tunnel, packets from the other side reach to LAN interface of the firewall and do not cross it to the production server.

      is there anyone that had the same issue with routing of traffic?
      network.png

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @haydar.rezaie
        last edited by

        @haydar-rezaie said in Pfsense Can't Pass traffic from its WAN port to host in LAN network:

        when I put tcpdump on the firewall I see the traffic which reaches LAN but the traffic does not reach my production server.

        I rather think, the packets would reach the server though, but the server will send responses to the gateway instead of back to pfSense.

        If you want to direct the whole upstream traffic to pfSense change the default gateway to the pfSense IP.

        H 1 Reply Last reply Reply Quote 0
        • H
          haydar.rezaie @viragomann
          last edited by haydar.rezaie

          I have added an IPV4 subnet 192.168.102.0/24 using Hetzner panel and when I added resources to that subnet (my server and my pfsense firewall) automatically assigned IP of 102.1 as a gateway ( maybe it is a virtual SW that hetzner create it for further routing between different subnets) for both devices and it was not working fine after I changed the gateway of my server to 102.3 (IP of firewall) now connectivity is OK. and I also put tcpdump on my server but no packet reach my server when I am trying to reach it from the internet but i can ping 102.3 from 102.2 and vice versa.

          from the internet, my packet reaches 102.3 and was stuck there.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.