Multi LAN - Single Wan

  • im using 1.2.3-RELEASE

    WAN 1 –- pfsense server( ------ LAN 1 (

    this is my previous setup and no problem at all, been using it for 1 years after upgrade our LAN and using lease line, the provider has set new subnet which is

    WAN --- pfsense server( ------ LAN 1 (
                                                    ------ LAN 2 (

    ive add on static routes
    Interface    Network     Gateway

    the ip is created by our vendor, the problem is, i cant set up the LAN to to access our internet (WAN1). Im not sure what im doing wrong here, issit because im using squid lusca cache? i already add access control > allowed subnet and Still i cant allow LAN2 access WAN1

  • Rebel Alliance Developer Netgate

    You probably just need to switch to Manual Outbound NAT and then add a rule in to NAT the second LAN network to WAN (just copy the rule for the LAN subnet and adjust the subnet)

  • thanks for the reply…

    after change it to manual NAT..there one entry has been created.

    Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
    WAN * * * * * NO Auto created rule for LAN

    and ive add

    WAN * * * * * NO Auto created rule for LAN2

    am i doing right things here?

    btw, can this rules manage to get the LAN2 appear on ARP Table? ive manage to modify the ARP Tables to get my whole network MAC address to prevent some user might change their own IP address..

  • Rebel Alliance Developer Netgate

    That second line (the one for LAN2) should have a subnet of

    And no, if is only reachable by a router, then MAC addresses for that subnet will not show up in the ARP table.

  • opps..sorry..yep..its  :o my bad..

    is there any way i can get their mac address? what about proxy/lusca_cache.. will LAN 2 get cached too?

  • Rebel Alliance Developer Netgate

    You'd need to add that subnet into an ACL for squid, I don't use the lusca version so I can't say what that might entail.

    No way to get their MAC unless everything was in one large subnet without an intermediate router.

  • what about static routes? do i need to apply that also?
    here my current?

    Interface  Network  Gateway

  • Rebel Alliance Developer Netgate

    Not sure what you're asking about applying them to. NAT? Squid? You don't need to do anything to them for static routes

  • my squid seems didnt capture anythin via lightsquid..
    same goes for LAN2, still cant access anything on WAN (internet)

    not sure what i missed here..

  • SQUID seems didnt work for LAN2

  • Rebel Alliance Developer Netgate

    Did you add the LAN2 subnet to squid's list of authorized networks/subnets?

  • @jimp:

    Did you add the LAN2 subnet to squid's list of authorized networks/subnets?

    yep..ive already add that into that…
    still cant get LAN2 go through the net via LAN1 -> WAN

  • updated with attached layout

  • Same Problem with me.

    I'm using pfsense 1.2.3 release.

    I have LAN( ,virbr2_ES(, virbr0_SS(,1 WAN(dhcp

    NAT rules:

    WAN * * * * * NO Auto created rule for LAN
    WAN * * * * * NO rule for virbr2_ES
    WAN * * * * * NO rule for virbr0_SS

    Firewall is friendly and blocks nothing.
    DNS forwarder is active.

    Mysterius things happens:
    from LAN:


    ** server can't find REFUSED

    –-----and minutes later-------


    Non-authoritative answer: canonical name = canonical name =

    the same on all "LANs", sometimes it works and sometimes not ??
    DNS is not the only Problem.
    When it works I could resolve names but from the opt interfaces virbr2_ES and virbr0_SS
    sometimes i can ping in the internet( and sometimes not.

    Some Idears?

  • My Static Rules is
    Interface : LAN
    Destination network :
    Gateway :

    yet still i cant manage to get my LAN2 connect to the internet.

    here my manual outbound.

    ![Firewall NAT Outbound.jpg](/public/imported_attachments/1/Firewall NAT Outbound.jpg)
    ![Firewall NAT Outbound.jpg_thumb](/public/imported_attachments/1/Firewall NAT Outbound.jpg_thumb)

Log in to reply