1 WAN/Multiple LAN Subnet Routing problem???

  • I've known of pfsense for a long time, but today is the first time trying it out.
    I'm currently rebuilding my lab network, which used to consist of FreeBSD v7.2 as a firewall/router, and 2 Vyatta v4 routers.
    Everyone played nice, and things were great.
    I'm rebuilding the network using pfsense 1.2.2 and 1 Vyatta v5  router that sits on multiple networks.
    The network is basically the same as how it was built before, but for some reason, I cannot figure out why clients behind the router cannot ping the internet.

    Here is a simplified diagram of the network ->

    The client PC can ping the vyatta router, can ping the firewall, but cannot ping the internet.
    I'm using the RIP protocol on both pfsense and vyatta to figure out the routing.
    I do not remember if I did anything else special, but for some reason, I cannot get the clients to ping past the firewall.  I modified the firewall rules so that it doesn't block the internal LAN.

    I can ping the IP address of the modem, but cannot get to my ISP's gateway.
    I believe I have a routing issue.  Here is what my routing table looks like ->

    Can anyone see what my problem is and suggest a fix?


  • I figured out the problem.
    I turned off Automatic outbound NAT, and set an appropriate source range, and it automagically started working.
    Thanks for looking.

  • Hmm.
    Not sure why you have this behaviour.
    According to cmb:

    All locally connected subnets, whether locally attached or configured via static route automatically have outbound NAT rules created for every WAN interface. This is true in 1.2 RC versions and newer at least, probably some 1.2 beta releases prior to RC. I don't recall exactly when it was added but it's been that way for a while. You only need AON if you require static port or have some complex NAT needs requiring you to disable the aforementioned automatic behavior.

    the outbound NAT rule should automatically be created.
    Maybe it doesn't work automatically because the route is added via RIP.

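The diagnosis in this thread comes down to one question: does every subnet in the firewall's routing table have an outbound NAT rule on the WAN? cmb's note says interface subnets and static routes get one automatically, and the reply above speculates that a RIP-learned route does not. The script below is an added example (not pfSense code and not posted by anyone in the thread) that checks exactly that on a FreeBSD/pfSense box by comparing `netstat -rn` against `pfctl -sn`. The interface names (em0 WAN, em1 LAN), the addresses, and both command outputs are constructed for the example; on a real box you would feed it the live output of the two commands.

```python
"""Spot routed subnets that have no outbound NAT rule on the WAN.

Reads the text of `netstat -rn` and `pfctl -sn` (FreeBSD / pfSense) and
reports every IPv4 network route whose source addresses would leave the
WAN interface untranslated.  The sample outputs below are constructed
for this example; interface names and addresses are assumptions.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    flags: str
    netif: str
    kind: str          # "connected", "static" or "dynamic"


# Constructed `netstat -rn` excerpt (FreeBSD 7 layout).  192.168.2.0/24 is
# the subnet behind the Vyatta router, learned via RIP (no 'S' flag).
NETSTAT_RN = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            203.0.113.1        UGS         0     1532    em0
127.0.0.1          127.0.0.1          UH          0        4    lo0
192.168.1.0/24     link#2             UC          0        0    em1
192.168.1.2        00:0c:29:aa:bb:cc  UHLW        1       67    em1   1180
192.168.2.0/24     192.168.1.2        UG          0       45    em1
203.0.113.0/24     link#1             UC          0        0    em0
"""

# Constructed `pfctl -sn` output: only the directly attached LAN got an
# automatic outbound NAT rule on the WAN interface em0.
PFCTL_SN_AUTO = """\
nat on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin
"""

# Same box after switching to manual outbound NAT with a wider source
# range that covers both the LAN and the routed subnet.
PFCTL_SN_MANUAL = """\
nat on em0 inet from 192.168.0.0/16 to any -> (em0) round-robin
"""


def parse_routes(text: str) -> List[Route]:
    """Return the IPv4 *network* routes from `netstat -rn` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or "/" not in parts[0]:
            continue            # header, default, host and ARP entries
        try:
            net = ipaddress.IPv4Network(parts[0], strict=False)
        except ValueError:
            continue
        gw, flags, netif = parts[1], parts[2], parts[5]
        if gw.startswith("link#"):
            kind = "connected"
        elif "S" in flags:
            kind = "static"
        else:
            kind = "dynamic"    # installed by routed/RIP or similar
        routes.append(Route(net, gw, flags, netif, kind))
    return routes


NAT_RE = re.compile(r"^nat on (\S+)(?: inet6?)? from (\S+) to \S+ -> ")


def parse_nat_sources(text: str, wan_if: str) -> List[Optional[ipaddress.IPv4Network]]:
    """Return the source networks NATed on wan_if; None stands for 'any'."""
    sources: List[Optional[ipaddress.IPv4Network]] = []
    for line in text.splitlines():
        m = NAT_RE.match(line)
        if not m or m.group(1) != wan_if:
            continue
        src = m.group(2)
        if src == "any":
            sources.append(None)
            continue
        try:
            sources.append(ipaddress.IPv4Network(src, strict=False))
        except ValueError:
            pass                # tables (<name>) and negations are not handled


    return sources


def unnatted_routes(routes, sources, wan_if):
    """Routes whose hosts would reach wan_if without being translated."""
    out = []
    for r in routes:
        if r.netif == wan_if:
            continue            # the WAN subnet itself needs no NAT
        covered = any(s is None or r.dest.subnet_of(s) for s in sources)
        if not covered:
            out.append(r)
    return out


def report(netstat_text, pfctl_text, wan_if="em0"):
    """List (network, route kind) for every un-NATed route behind the firewall."""
    routes = parse_routes(netstat_text)
    sources = parse_nat_sources(pfctl_text, wan_if)
    return [(str(r.dest), r.kind) for r in unnatted_routes(routes, sources, wan_if)]


if __name__ == "__main__":
    print(report(NETSTAT_RN, PFCTL_SN_AUTO))     # [('192.168.2.0/24', 'dynamic')]
    print(report(NETSTAT_RN, PFCTL_SN_MANUAL))   # []
```

With the automatic rule set, the only route reported is the RIP-learned 192.168.2.0/24, which matches the symptom in the first post (clients behind the Vyatta can reach the firewall and the modem but nothing beyond it, because their packets leave the WAN with a private source address). With the manual rule, whose source range covers both subnets, nothing is reported. Run it against a real box with `netstat -rn` and `pfctl -sn` output, and note that the `kind` column tells you whether the offending route is connected, static or dynamically learned.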