Access to new interface
-
Hi. Im not sure if this should be under the firewall or routing topic, so posted it here instead.
I have a simple pfSense running. One Lan (192.168.8.1/24) and one Wan (217.x.x.x/29) - this works just fine.
Now im trying to add a 3nd network (to replace my Wan at one point) (192.168.1.0/24)
So i have added a new interface with ip address 192.168.1.1/24 - i have a 5G router on that net with address .2
I can successfully "test port" from pfSense to the 5G router.. that seems to be working
on the firewall i have added a rule to the top to allow all traffic to "5G subnets" with logging.
from my lan when i try to open a webpage on the router, it never returns and the log just shows "TCP:S"
So im thinking i must be missing something, but i cannot figure out what that should be.
on the 5G interface i have tried to add up-stream router (the .2 address) but that didnt help.
Any pointers would be much appreciated.
Thanks
-
You have set up the new interface as an internal interface so there is no outbound NAT on it. The 5G router cannot reply to requests from the 192.168.8.X subnet because it has no route to it.
You need to setup that interface as a WAN by adding 192.168.1.2 as a gateway on the interface config.
That will then add automatic outbound NAT rules for traffic from the LAN subnet to 192.168.1.X.
-
@stephenw10 Thanks, that was what i were missing... Didnt think i needed that until i were to use it as a gateway...
A follow-up question:
I can either do a "1:1 nat" or an "outbound nat". What would be the best approach on this when the 5G router is also doing nat? -
Unless you need to accept inbound connections there it should only be an outbound NAT rule. Even if you did have inbound connections a port forward is often better.
You shouldn't need to manually add any rules though as long as the gateway is added into the new interface. That will trigger the auto outbound rule to be added.
