Can’t connect to another pfSense on WAN but can to a regular router
-
Hey folks,
due to the desired cable routing on my property (which I cannot change) I want to install another instance of pfSense before the WAN of my main pfSense. Just because of an IP camera which I want to restrict. I tested this setup with an Arris router — I can access it and the device connected to it while I’m on my main pfSense network.
So the test setup is
Internet unplugged
Arris router’s LAN (with a test device) connected to WAN of pfSense
I am on LAN of pfSense
I can ping Arris from my laptop and access its web interface (and test device too)
Arris on default settings — Firewall On, “Routed with NAT”
BUT!
If I replace Arris with another pfSense — it doesn’t work no matter which rules I add on both pfSenses. Yes, maybe I didn’t try everything, but I did all that I knew of, just to try )) I allow everything from everything (not just from LAN) in the pre-WAN box’s LAN firewall rules — no luck. I add a specific rule (on that pre-WAN pfSense) for my laptop IP — all the same. I can ping that “pre-WAN pfSense” from my main pfSense Diagnostics > Ping page, but not from my laptop. I thought maybe it’s because of “block private networks” on WAN, but it didn’t prevent me from connecting to the Arris router and its devices when it was connected to the same WAN interface.
I guess it’s something evident that I’m missing, could you guys help me figure this out ))
Thank you!
Roman -
@throttlenerd What is the IP range of the Arris router LAN interface and what is it on the LAN on the pfSense?
pfSense by default uses 192.168.1.0/24 and if both pfSense use the default LAN network (e.g. if both use 192.168.1.0/24) it won't work unless you change one of the LANs to another subnet.
-
@patient0 Hi! Arris and pre-WAN pfSense are set up for the same IP range on their LANs (but of course they're not connected to my main pfSense simultaneously) and my other networks differ -- there is no IP conflict