• Hello

    I use a pfSense box (1.2.2 release) to connect multiple private sites. Each distant site uses an RFC1918 IP address network.
    My LAN network also respects RFC1918.

    I use the router1 IP address as the gateway on the pfSense box and I define a static route for site2.
    I disable Block private networks and Block bogon networks on each network interface.

    My LAN server can contact all hosts (SITE1 and SITE2)
    All hosts on site1 ( can connect to the LAN server (
    But Site2 has some trouble….

    In fact, when I sniff traffic on the pfSense WAN interface, I see the traffic come in and the answers go out.
    The answer traffic behaves as if it doesn't use the static route.

    I made different tests:

    • If I change the WAN IP address on the pfSense box to the router2 IP address, the problem is the same with SITE1 (so a bad idea)
    • If I define the site2 IP route on router1, it works for site2 (in fact my only solution, but not possible)
    • If I disable the firewall option in pfSense, it works (OK, but I need the firewall)

    pfSense reacts as if, for RFC1819 answer traffic on the WAN interface, it doesn't use the static route.

    I quickly checked with an old version of pfSense (before 1.0) and it seems to work fine!

    Bug?? Or any idea?




    SITE1 ( <----O----           
                                                  |                  ---------
                                                  |----WAN ---|Pf sense |---- LAN -----------(
                                                  |                  ---------                |
    SITE2 ( <----O----                                              ---
                                      router2                                                [  ] Lan Server

  • What is your WAN addressing scheme? One way to do this is to use a separate shared subnet for the WANs:
                  router1          r1wan=
    SITE1 ( <----O----
                                                  |                  ---------
                                                  |----WAN ---|Pf sense |---- LAN -----------(
                                                  |                  ---------                |
    SITE2 ( <----O----                                              ---
                                      router2 r2wan=                            [  ] Lan Server

    Then your static routes route the remote LAN via the site's WAN IP.

  • Yes, I use the same IP address like in your scheme
    in your sample I use as gateway and I define for join

    I think it's not a routing problem because if I disable the firewall it works fine.

  • What are your outbound NAT settings? I'd think in your case, you would use AON and delete the default rule.

  • I don't use NAT. Only routing.
    My WAN network is a private network.

  • That's what I meant. Just wanted to make sure you had deleted the default rule, as pfsense by default NATs the LAN range over the WAN.

  • Yes, the default NAT was deleted.

    Perhaps I need to post in the firewalling section?

  • No idea?

  • That's all I got. It's not a configuration I have deployed. You could try checking the box 'bypass firewall rules for traffic on the same interface' under advanced.

  • This option was already enabled.

    If I check the Disable all packet filtering option, routing is OK.