Multi LAN - Single Wan



  • im using 1.2.3-RELEASE

    WAN 1 –- pfsense server(90.0.0.1) ------ LAN 1 (90.0.0.0/24)

    this is my previous setup and no problem at all, been using it for 1 years already...now after upgrade our LAN and using lease line, the provider has set new subnet which is 90.0.1.0/24

    WAN --- pfsense server(90.0.0.1) ------ LAN 1 (90.0.0.0/24)
                                                    ------ LAN 2 (90.0.1.0/24)

    ive add on static routes
    Interface    Network     Gateway
    LAN       90.0.1.0/24       90.0.0.201

    the ip 90.0.0.201 is created by our vendor, the problem is, i cant set up the LAN to to access our internet (WAN1). Im not sure what im doing wrong here, issit because im using squid lusca cache? i already add access control > allowed subnet 90.0.0.0/24 and 90.0.1.0/24. Still i cant allow LAN2 access WAN1


  • Rebel Alliance Developer Netgate

    You probably just need to switch to Manual Outbound NAT and then add a rule in to NAT the second LAN network to WAN (just copy the rule for the LAN subnet and adjust the subnet)



  • thanks for the reply…

    after change it to manual NAT..there one entry has been created.

    Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
    WAN  90.0.0.0/24 * * * * * NO Auto created rule for LAN

    and ive add

    WAN  90.0.0.0/24 * * * * * NO Auto created rule for LAN2

    am i doing right things here?

    btw, can this rules manage to get the LAN2 appear on ARP Table? ive manage to modify the ARP Tables to get my whole network MAC address to prevent some user might change their own IP address..


  • Rebel Alliance Developer Netgate

    That second line (the one for LAN2) should have a subnet of 90.0.1.0/24.

    And no, if 90.0.1.0/24 is only reachable by a router, then MAC addresses for that subnet will not show up in the ARP table.



  • opps..sorry..yep..its 90.0.1.0/24  :o my bad..

    is there any way i can get their mac address? what about proxy/lusca_cache.. will LAN 2 get cached too?


  • Rebel Alliance Developer Netgate

    You'd need to add that subnet into an ACL for squid, I don't use the lusca version so I can't say what that might entail.

    No way to get their MAC unless everything was in one large subnet without an intermediate router.



  • what about static routes? do i need to apply that also?
    here my current?

    Interface  Network  Gateway
    LAN 90.0.1.0/24 90.0.0.201


  • Rebel Alliance Developer Netgate

    Not sure what you're asking about applying them to. NAT? Squid? You don't need to do anything to them for static routes



  • my squid seems didnt capture anythin via lightsquid..
    same goes for LAN2, still cant access anything on WAN (internet)

    not sure what i missed here..



  • SQUID seems didnt work for LAN2


  • Rebel Alliance Developer Netgate

    Did you add the LAN2 subnet to squid's list of authorized networks/subnets?



  • @jimp:

    Did you add the LAN2 subnet to squid's list of authorized networks/subnets?

    yep..ive already add that into that…
    90.0.1.0/24
    still cant get LAN2 go through the net via LAN1 -> WAN



  • updated with attached layout



  • Same Problem with me.

    I'm using pfsense 1.2.3 release.

    I have LAN(10.10.254.0/24) ,virbr2_ES(10.10.4.0/24), virbr0_SS(10.10.2.0/24),1 WAN(dhcp 192.168.2.0/24).

    NAT rules:

    WAN   10.10.254.0/24 * * * * * NO Auto created rule for LAN
    WAN   10.10.4.0/24 * * * * * NO rule for virbr2_ES
    WAN   10.10.2.0/24 * * * * * NO rule for virbr0_SS

    Firewall is friendly and blocks nothing.
    DNS forwarder is active.

    Mysterius things happens:
    from LAN:

    nslookup www.google.de
    Server: 10.10.254.1
    Address: 10.10.254.1#53

    ** server can't find www.google.de: REFUSED

    –-----and minutes later-------

    nslookup www.google.de
    Server: 192.168.2.100
    Address: 192.168.2.100#53

    Non-authoritative answer:
    www.google.de canonical name = www.google.com.
    www.google.com canonical name = www.l.google.com.
    Name: www.l.google.com
    Address: 74.125.79.104
    Name: www.l.google.com
    Address: 74.125.79.147
    Name: www.l.google.com
    Address: 74.125.79.99

    the same on all "LANs", sometimes it works and sometimes not ??
    DNS is not the only Problem.
    When it works I could resolve names but from the opt interfaces virbr2_ES and virbr0_SS
    sometimes i can ping in the internet(www.heise.de) and sometimes not.

    Some Idears?



  • My Static Rules is
    Interface : LAN
    Destination network : 90.0.1.0/24
    Gateway : 90.0.0.201

    yet still i cant manage to get my LAN2 connect to the internet.

    here my manual outbound.

    ![Firewall NAT Outbound.jpg](/public/imported_attachments/1/Firewall NAT Outbound.jpg)
    ![Firewall NAT Outbound.jpg_thumb](/public/imported_attachments/1/Firewall NAT Outbound.jpg_thumb)


Locked