Routing LAN to Multiple Routers
-
Hi, I am having an issue with routing the LAN of multiple PFSense Routers to each Router. Basically, I want to have the LAN of each router accessible from all routers that share the same WAN connection. Attached I have a diagram that shows 6 PFSense routers that all share the same WAN network so each router can easily see one another. Each router also has its own LAN subnet that is different from all other routers. The Main Router is a Fortinet Router that we do not have access to and cannot make any changes. This is why we are using 6 separate PFSense routers to get around the limited "WAN" network. The Fortinet router provides internet to each PFSense router so that is the Default Gateway.
What I have tried to make this work is set static routes to each router's LAN network and made the Default Gateway its WAN IP address. This was not working, so I looked to the NAT settings. I saw that the Hybrid NAT I was using prevented the PFSense LAN from properly routing, so I set it to manual and applied a "NOT" setting for all LAN networks on the main NAT rule. That way it would continue to masquerade the LAN except the networks I was trying to route to. After that change, I started to see the traffic leave one router and attempt to reach a device on the other routers, but that is where it stopped. I could not get traffic to respond back. After a quick Google search, I was able to see a function in Advanced/Firewall & NAT/Bypass firewall rules for traffic on the same interface that should allow the TCP packets to remain stateful (from what I understand), but this also did not work. I forgot to mention that I have also included the proper firewall rules on both the WAN and the LAN to allow for all LAN nets to communicate in and out.
I am at a loss on how to make this work without just using a VPN to make things easy for routing (which I am using temporarily so the site continues to function). When I configured EdgeRouters to route as described, it was extremely simple, so I am not sure what I am doing wrong with PFSense. Any help would be appreciated!
-
@csardoss
If the traffic between the routers is not filtered on the main router, it should be sufficient to add static routes on each for all LANs and disable the outbound NAT for these subnets. Consider removing the check at "block private networks" in the WAN settings on all routers.
-
@viragomann Thanks for the reply. I disabled this on the WAN for all routers and configured the Outbound NAT as well but I cannot get a full connection.
-
@csardoss said in Routing LAN to Multiple Routers:
but I cannot get a full connection.
What does this mean?
Does it work partially? If the mentioned settings are done well, I'd suspect that the destination device is blocking the access.
To get a step further, sniff the traffic on one pfSense on LAN with Diagnostic > Packet Capture, while you access a device from another LAN.
If you can see the expected traffic, sniff on WAN.
Post what you get, please.
-
@viragomann What I mean is I can see the traffic leave one router and enter the other, but I can't establish the full connection. Basically, Router A devices request data from a Router B device. Traffic from the Router A device will make it to the Router B device, but the Router B device does not respond back. I have also tried this in reverse (Router B to A) and I cannot get 2-way communication.
I will have to work on the packet sniffing later. Thank you for the help!
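Added example, not code or configuration from either poster: a small Python model of the forwarding and NAT decisions this thread turns on, covering viragomann's three points (static routes on every router, outbound NAT exclusions for the other LANs, "block private networks" off on WAN) and the symptom csardoss describes (the request arrives at the Router B device, the reply never comes back). Router names, the 10.0.0.0/24 WAN segment, the Fortinet gateway address and the assumption that the Fortinet has no route back to the private LANs are all constructed placeholders; the thread gives no addresses.

```python
# Added example (not the thread's config): model of LAN-to-LAN traffic between pfSense
# routers on one shared WAN segment behind a Fortinet default gateway we cannot change.
# Addresses are constructed; the Fortinet is assumed to know nothing about the LANs.
import ipaddress
from dataclasses import dataclass, field

WAN_NET = ipaddress.ip_network("10.0.0.0/24")    # constructed shared WAN segment
FORTINET_GW = ipaddress.ip_address("10.0.0.1")   # constructed default gateway


class Drop(Exception):
    """Carries the reason a packet never reached its destination."""


@dataclass
class Router:
    name: str
    wan_ip: ipaddress.IPv4Address
    lan_net: ipaddress.IPv4Network
    static_routes: dict = field(default_factory=dict)  # other LAN net -> its router's WAN IP
    nat_exclude: set = field(default_factory=set)      # destination nets left un-masqueraded
    block_private_on_wan: bool = True                  # pfSense's default on WAN
    nat_state: dict = field(default_factory=dict)      # (wan_ip, dst) -> original LAN source

    def route(self, dst):
        """Next hop for dst; None means deliver on our own LAN."""
        if dst in self.lan_net:
            return None
        if dst in WAN_NET:
            return dst                                 # on-link on the shared segment
        for net, gateway in self.static_routes.items():
            if dst in net:
                return gateway
        return FORTINET_GW                             # default route

    def process(self, src, dst, iface):
        """WAN-side checks or LAN-side outbound NAT; returns the (src, dst) to route."""
        if iface == "wan":
            # pf matches existing states before any rule, so the reply to a flow this
            # router masqueraded is un-NATed and passes even with the block rule on.
            if (dst, src) in self.nat_state:
                return src, self.nat_state[(dst, src)]
            if self.block_private_on_wan and src.is_private:
                raise Drop(f"{self.name}: 'block private networks' dropped {src} on WAN")
            return src, dst
        # Leaving our LAN: masquerade unless the destination net is excluded, which is
        # what the manual outbound NAT rule with the "NOT" destination does.
        if dst not in self.lan_net and not any(dst in net for net in self.nat_exclude):
            self.nat_state[(self.wan_ip, dst)] = src
            return self.wan_ip, dst
        return src, dst


def deliver(routers, src, dst, ingress):
    """Forward one packet from a LAN host behind `ingress` until some router delivers
    it on its LAN; returns (src, dst) as the destination host sees them."""
    by_wan = {r.wan_ip: r for r in routers}
    router, iface = ingress, "lan"
    for _ in range(len(routers) + 2):
        src, dst = router.process(src, dst, iface)
        hop = router.route(dst)
        if hop is None:
            return src, dst
        if hop == FORTINET_GW:
            raise Drop(f"{router.name}: no route to {dst}, sent to the Fortinet default "
                       "gateway (assumed to know nothing about these LANs)")
        if hop == router.wan_ip or hop not in by_wan:
            raise Drop(f"{router.name}: packet for {hop} matches no NAT state and no other router")
        router, iface = by_wan[hop], "wan"
    raise Drop("routing loop")


def round_trip(routers, a_router, a_host, b_router, b_host):
    """Request a_host -> b_host plus the reply; 'ok' or why two-way traffic fails."""
    a_host, b_host = ipaddress.ip_address(a_host), ipaddress.ip_address(b_host)
    try:
        seen_src, seen_dst = deliver(routers, a_host, b_host, a_router)
        reply_src, reply_dst = deliver(routers, seen_dst, seen_src, b_router)
    except Drop as reason:
        return str(reason)
    if (reply_src, reply_dst) != (b_host, a_host):
        return f"reply arrived as {reply_src}->{reply_dst}, not {b_host}->{a_host}"
    return "ok"


def build(routes=True, nat_exclude=True, block_private=False, routes_on=None):
    """Three of the routers with the discussed settings; routes_on limits static routes
    to the named routers so a one-sided setup can be shown."""
    specs = [("R1", "10.0.0.11", "192.168.1.0/24"), ("R2", "10.0.0.12", "192.168.2.0/24"),
             ("R3", "10.0.0.13", "192.168.3.0/24")]
    routers = [Router(n, ipaddress.ip_address(w), ipaddress.ip_network(l),
                      block_private_on_wan=block_private) for n, w, l in specs]
    for r in routers:
        for other in routers:
            if other is r:
                continue
            if routes and (routes_on is None or r.name in routes_on):
                r.static_routes[other.lan_net] = other.wan_ip
            if nat_exclude:
                r.nat_exclude.add(other.lan_net)
    return routers


def scenarios():
    """Outcome of a LAN-A host reaching a LAN-B host under each configuration."""
    cases = {"routes + NAT exclusions + block-private off": {},
             "no static routes": {"routes": False},
             "static routes only on R1": {"routes_on": {"R1"}},
             "outbound NAT still masquerading": {"nat_exclude": False},
             "block private networks left on": {"block_private": True}}
    results = {}
    for label, kwargs in cases.items():
        routers = build(**kwargs)
        results[label] = round_trip(routers, routers[0], "192.168.1.50", routers[1], "192.168.2.50")
    return results
```

Calling scenarios() reproduces the thread's failure modes one at a time: with static routes only on R1, the request is delivered on R2's LAN but the reply is handed to the Fortinet default gateway, which is the "arrives but never responds" symptom; with outbound NAT still masquerading on both sides, the reply comes back from R2's WAN address and matches no state on R1; with "block private networks" still on, R2 discards the RFC1918 source on its WAN. Only the full configuration returns "ok", and once a real network passes all three checks the remaining suspect is the destination host itself, which is what the suggested LAN-then-WAN packet capture distinguishes.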