Netgate Discussion Forum

how to allow access from wan subnet

    jacobosbourne
    last edited by Feb 11, 2022, 6:22 PM

    First, my networking knowledge is low, which is why I am practicing on pfSense.

    My pfSense box's WAN is on the 192.168.1.0 subnet. This subnet is my regular home network. I want devices on the 192.168.1.0 subnet to communicate with devices on my pfSense LAN, which is on the 192.168.5.0 subnet.

    I am not sure how to do this.

    I hope you understand what I am trying to do.

      NogBadTheBad @jacobosbourne
      last edited by NogBadTheBad Feb 11, 2022, 6:44 PM Feb 11, 2022, 6:41 PM

      @jacobosbourne Are you trying to route traffic from 192.168.1.0/24 to the LAN behind your pfSense router?

      If it’s internet traffic to your LAN subnet, your problem is the WAN router is using a non-routable IP address.

      I’m guessing you have another router upstream.

      Can you put the upstream router into modem mode?

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        jacobosbourne @NogBadTheBad
        last edited by Feb 11, 2022, 6:49 PM

        @nogbadthebad I can’t change it, I have other devices receiving IPs from it.

        All I really wanna do is allow my main computer, which is 192.168.1.17 (same subnet as the WAN on pfSense), to communicate with devices on the 192.168.5.0 subnet (the pfSense LAN subnet).

          NogBadTheBad @jacobosbourne
          last edited by NogBadTheBad Feb 11, 2022, 7:13 PM Feb 11, 2022, 7:05 PM

          @jacobosbourne Disable "Block private networks and loopback addresses" via Interfaces -> WAN; it's at the bottom.

          Add a WAN rule to allow 192.168.1.0/24 to LAN net.

          Add a static route on your router connected to the internet for the LAN network, pointing to your pfSense WAN interface.

          Then you'll need to have a look at NAT or disable it.

          Does 192.168.1.17 have two network ports? It might be easier to dual-connect it if it has.

          https://www.netgate.com/resources?type=Videos

          Andy

            SteveITS Galactic Empire @jacobosbourne
            last edited by Feb 11, 2022, 7:05 PM

            @jacobosbourne On Interfaces/WAN uncheck "Block private networks and loopback addresses." Then ensure you have a NAT rule on WAN allowing it.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

              johnpoz LAYER 8 Global Moderator @NogBadTheBad
              last edited by Feb 11, 2022, 7:52 PM

              @nogbadthebad said in how to allow access from wan subnet:

              Add a static route on your router connected to the internet for the LAN network pointing to your pfsense WAN interface

              This is almost never going to work with just a SOHO wifi router, because they are going to have hosts on this network and it's not a true transit network - they will end up with asymmetrical traffic flow. If all you have is a SOHO wifi router and no way to actually create a transit network, your best bet is to just let pfSense downstream NAT and use port forward, and yes, you would have to turn off the block RFC1918 network on the pfSense WAN.

              Best is to put pfsense at the edge and then use your old wifi router as just an AP then you can have multiple networks behind pfsense.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

                NogBadTheBad @johnpoz
                last edited by Feb 11, 2022, 7:57 PM

                @johnpoz said in how to allow access from wan subnet:

                @nogbadthebad said in how to allow access from wan subnet:

                Add a static route on your router connected to the internet for the LAN network pointing to your pfsense WAN interface

                This is almost never going to work with just a SOHO wifi router, because they are going to have hosts on this network and it's not a true transit network - they will end up with asymmetrical traffic flow. If all you have is a SOHO wifi router and no way to actually create a transit network, your best bet is to just let pfSense downstream NAT and use port forward, and yes, you would have to turn off the block RFC1918 network on the pfSense WAN.

                Best is to put pfsense at the edge and then use your old wifi router as just an AP then you can have multiple networks behind pfsense.

                Yup, he could add the static route on 192.168.1.17.

                Andy

                  johnpoz LAYER 8 Global Moderator @NogBadTheBad
                  last edited by Feb 11, 2022, 8:12 PM

                  @nogbadthebad said in how to allow access from wan subnet:

                  Yup, he could add the static route on 192.168.1.17.

                  Yeah, if you're going to have hosts on your transit you would need to do host routing. It's a hack, not a true setup anyone should want, when it's simple enough to set it up correctly.

                  To be honest you would almost never actually want/need a downstream router; you're going the wrong direction that way, to be honest. Just replace your edge with pfSense, and use your old wifi router as just an AP as the transition phase until you can get APs that allow VLANs and switches that can as well, if you want to set up a real network ;)

                  Yes, in a large enterprise network you would see routing done internally all the time vs. just at the edge. But in a small network, or home, or home with lab setup, it just doesn't really make sense other than as a learning experience. And if you're wanting to learn, then do it correctly with a transit network. Sure, if you want to play with why it doesn't work when you have hosts on a transit and the asymmetrical traffic flow that will result - sure, have at it. But I would set it up correctly, then break it by putting hosts on your transit and see why the asymmetrical flow is not good when you have stateful firewalls also in play.


                  1 Reply Last reply Reply Quote 0
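The asymmetric flow discussed in this thread, modelled as an added example (not code from any poster or from pfSense): it traces both directions of a conversation between 192.168.1.17 and a LAN device, first with the static route on the upstream router and then with a host route on 192.168.1.17. The router addresses, the 192.168.5.10 server and all node names are assumptions.

```python
import ipaddress

# Constructed topology: 192.168.1.17 and both subnets come from the thread;
# the router and server addresses are assumed for illustration.
OWNER = {"192.168.1.17": "client", "192.168.1.1": "soho",
         "192.168.1.2": "pfsense", "192.168.5.1": "pfsense",
         "192.168.5.10": "server"}

def tables(host_route_on_client):
    """Routing tables as (prefix, next-hop node, or None for on-link)."""
    client = [("192.168.1.0/24", None), ("0.0.0.0/0", "soho")]
    if host_route_on_client:
        client.append(("192.168.5.0/24", "pfsense"))
    return {
        "client": client,
        "soho": [("192.168.1.0/24", None), ("192.168.5.0/24", "pfsense")],
        "pfsense": [("192.168.1.0/24", None), ("192.168.5.0/24", None),
                    ("0.0.0.0/0", "soho")],
        "server": [("192.168.5.0/24", None), ("0.0.0.0/0", "pfsense")],
    }

def path(routes, src, dst_ip):
    """Follow longest-prefix-match routing from node src to dst_ip."""
    dst, node, hops = ipaddress.ip_address(dst_ip), src, [src]
    while node != OWNER[dst_ip]:
        matches = [(ipaddress.ip_network(p), nh) for p, nh in routes[node]
                   if dst in ipaddress.ip_network(p)]
        _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
        node = next_hop or OWNER[dst_ip]  # on-link: deliver directly
        hops.append(node)
    return hops

def one_way_hops(routes, a_ip, b_ip):
    """Routers that forward only one direction of an a<->b conversation."""
    fwd = set(path(routes, OWNER[a_ip], b_ip)[1:-1])
    rev = set(path(routes, OWNER[b_ip], a_ip)[1:-1])
    return fwd ^ rev

if __name__ == "__main__":
    for host_route in (False, True):
        r = tables(host_route)
        print("host route on client:", host_route)
        print("  out :", path(r, "client", "192.168.5.10"))
        print("  back:", path(r, "server", "192.168.1.17"))
        print("  sees one direction only:",
              one_way_hops(r, "192.168.1.17", "192.168.5.10"))
```

Any router reported as seeing one direction only cannot keep complete connection state for the flow, which is the problem with stateful firewalls on a network that has hosts on the transit segment.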