Netgate Discussion Forum
    Routing problem - Two pfsense, Two wans

    Category: General pfSense Questions (3 posts, 2 posters, 2.3k views)
    axelp wrote:

      Hello,

      I have a problem with routing in pfSense. The network diagram is attached (network addresses are changed from the original configuration).

      There is a problem with routing. Currently, if I want to access the Server 1 WAN address from LAN2, the connection goes through the ISP WAN routers:
      traceroute:

      • 192.168.1.x (source client)
      • 192.168.1.1
      • 100.100.100.1
        (isp routers)
      • 90.90.90.1
        (- 90.90.90.2) (PROXY ARP - VIRTUAL IP)
      • 90.90.90.200

      So I added static routes using the 192.168.50.0 link between the routers.
      I've added in pfSense router 2:
      interface: WAN
      dest network: 90.90.90.0/24
      next hop: 192.168.50.1

      And in pfSense router 2:
      interface: WAN
      dest network: 100.100.100.0/24
      next hop: 192.168.50.2

      On router 1 and router 2 the "Disable reply-to on WAN rules" option is disabled.
      I've also added rules on the 192.168.50.0/24 link firewall to permit connections.

      And it partially works:

      • when I connect from a LAN2 host (e.g. 192.168.1.x) to SERVER1 (90.90.90.200) the connection is made using the 192.168.50.0 link (OK)
      • when I connect from server2 (192.168.1.254, VIRTUAL IP: 100.100.100.200) to server1 the connection goes through the ISP WAN routers (NOT the 192.168.50.0 LINK!)

      I think the problem is the Virtual IP and NAT 1:1?

      Does anyone have an idea why I can't connect from server2 to server1 using the local link 192.168.50.0 even though static routes are set?

      Please help.
      Best regards
      Attachment: mofo-diagram.png

      tacfit wrote:

        I would think your problem is that both pfSense boxes have the 192.168.1.x network, so packets are being routed to the local subnet rather than the other one. Maybe I'm off though...

        axelp wrote:

          Thanks for the answer.
          I set up additional outbound NAT on the 192.168.50.0/24 link:

          • on router 1: outbound NAT from 192.168.1.0/24 to any (via the interface assigned to the 192.168.50.0/24 network, OPT), NAT'ed to 192.168.50.1
          • on router 2: outbound NAT from 192.168.1.0/24 to any (via the interface assigned to the 192.168.50.0/24 network, OPT), NAT'ed to 192.168.50.2

          And it doesn't work with NAT 1:1…

          I can connect to 90.90.90.200:25 from LAN2 only if, in addition to NAT 1:1, I configure a port forward (Firewall -> NAT -> Port Forward) to 90.90.90.200:25 (using the Virtual IP).

          Any idea how to make NAT 1:1 work in this scenario?

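As an added illustration that is not part of the thread (and not pfSense code): a small Python model of the two-router setup, combining longest-prefix route lookup with NAT rules that only fire on the interface they are bound to, which is how pfSense scopes 1:1 NAT entries and port forwards. It reuses the thread's anonymised addresses; server1's LAN address (192.168.1.10), the routers' WAN addresses (90.90.90.2, 100.100.100.2) and the rule model itself are assumptions, and the model does not claim to explain every symptom in the first post. What it shows is that router 2's static route does steer server2's traffic onto the 192.168.50.0 link, and that a 1:1 entry bound to WAN on router 1 never translates that traffic because it arrives on OPT, so the VIP terminates on router 1 itself; a port forward (or 1:1 entry) bound to OPT is what delivers it to server1, matching the last post.

```python
"""Constructed packet-walk model of the two-pfSense topology from the thread.
Not pfSense code: routes are (prefix, egress_iface, next_hop) tuples and NAT
rules are dicts bound to one interface, mirroring the per-interface scoping of
pfSense 1:1 NAT, port forwards and outbound NAT."""
import ipaddress
from copy import deepcopy

# Addresses from the thread (already anonymised by the poster); "assumed" values are not in the thread.
SERVER1_VIP = "90.90.90.200"      # server1's public address, a 1:1 NAT VIP on router 1
SERVER1_LAN = "192.168.1.10"      # assumed LAN address of server1
SERVER2_VIP = "100.100.100.200"   # server2's public address, a 1:1 NAT VIP on router 2
SERVER2_LAN = "192.168.1.254"
R1_LINK, R2_LINK = "192.168.50.1", "192.168.50.2"   # the direct link between the routers (OPT on both)


def lookup(routes, dst):
    """Longest-prefix match; returns (egress_iface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, nh)
    return None if best is None else (best[1], best[2])


def nat_inbound(rules, iface, pkt):
    """Destination translation on the ingress interface: 1:1 and port-forward rules bound to it."""
    for r in rules:
        if r["iface"] != iface:
            continue
        if r["kind"] == "1to1" and pkt["dst"] == r["external"]:
            pkt["dst"] = r["internal"]
        elif r["kind"] == "portfwd" and pkt["dst"] == r["external"] and pkt["dport"] == r["port"]:
            pkt["dst"] = r["internal"]
    return pkt


def nat_outbound(rules, iface, pkt):
    """Source translation on the egress interface: 1:1 and outbound-NAT rules bound to it."""
    for r in rules:
        if r["iface"] != iface:
            continue
        if r["kind"] == "1to1" and pkt["src"] == r["internal"]:
            pkt["src"] = r["external"]
        elif r["kind"] == "outbound" and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(r["src_net"]):
            pkt["src"] = r["nat_addr"]
    return pkt


def forward(router, ingress, pkt):
    """Walk one packet through a router: inbound NAT, local-delivery check, route lookup, outbound NAT."""
    pkt = nat_inbound(router["nat"], ingress, deepcopy(pkt))
    if pkt["dst"] in router["local_addrs"]:      # VIPs count as the router's own addresses
        return "local", None, pkt
    route = lookup(router["routes"], pkt["dst"])
    if route is None:
        return "drop", None, pkt
    egress, next_hop = route
    return egress, next_hop, nat_outbound(router["nat"], egress, pkt)


ROUTER1 = {
    "local_addrs": {"90.90.90.2", SERVER1_VIP, "192.168.1.1", R1_LINK},   # 90.90.90.2 assumed WAN address
    "routes": [("0.0.0.0/0", "WAN", "90.90.90.1"), ("90.90.90.0/24", "WAN", None),
               ("192.168.1.0/24", "LAN", None), ("192.168.50.0/24", "OPT", None),
               ("100.100.100.0/24", "OPT", R2_LINK)],               # static route from the first post
    "nat": [{"kind": "1to1", "iface": "WAN", "external": SERVER1_VIP, "internal": SERVER1_LAN},
            {"kind": "outbound", "iface": "OPT", "src_net": "192.168.1.0/24", "nat_addr": R1_LINK}],
}
ROUTER2 = {
    "local_addrs": {"100.100.100.2", SERVER2_VIP, "192.168.1.1", R2_LINK},   # 100.100.100.2 assumed
    "routes": [("0.0.0.0/0", "WAN", "100.100.100.1"), ("100.100.100.0/24", "WAN", None),
               ("192.168.1.0/24", "LAN", None), ("192.168.50.0/24", "OPT", None),
               ("90.90.90.0/24", "OPT", R1_LINK)],                  # static route from the first post
    "nat": [{"kind": "1to1", "iface": "WAN", "external": SERVER2_VIP, "internal": SERVER2_LAN},
            {"kind": "outbound", "iface": "OPT", "src_net": "192.168.1.0/24", "nat_addr": R2_LINK}],
}


def path_server2_to_server1(with_static_route=True, with_opt_portfwd=False):
    """Trace server2 -> 90.90.90.200:25; returns ([(router, egress, next_hop), ...], final packet)."""
    r1, r2 = deepcopy(ROUTER1), deepcopy(ROUTER2)
    if not with_static_route:
        r2["routes"] = [r for r in r2["routes"] if r[0] != "90.90.90.0/24"]
    if with_opt_portfwd:    # the extra rule from the last post, bound to the link interface
        r1["nat"].append({"kind": "portfwd", "iface": "OPT", "external": SERVER1_VIP,
                          "port": 25, "internal": SERVER1_LAN})
    pkt = {"src": SERVER2_LAN, "dst": SERVER1_VIP, "dport": 25}
    egress, nh, pkt = forward(r2, "LAN", pkt)
    hops = [("router2", egress, nh)]
    if egress != "OPT":
        return hops, pkt            # left towards the ISP; the direct link is never used
    egress, nh, pkt = forward(r1, "OPT", pkt)
    hops.append(("router1", egress, nh))
    return hops, pkt


if __name__ == "__main__":
    for args in ({"with_static_route": False}, {}, {"with_opt_portfwd": True}):
        print(args, *path_server2_to_server1(**args))
```

Running it prints three walks: without the static route the packet leaves router 2 via WAN with its source rewritten to 100.100.100.200 by the WAN 1:1 entry; with the static route it crosses the link as 192.168.50.2 but stops at router 1 because the WAN-bound 1:1 entry does not see OPT traffic; with the OPT port forward the destination becomes server1's LAN address and the packet is routed out LAN.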
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.