Routing problem - Two pfsense, Two wans
axelp last edited by
I have a problem with routing in pfSense. The network diagram is in the attachment (network addresses are changed from the original configuration).
There is a problem with routing. Now if I would like to access the Server 1 WAN address from LAN2, the connection goes using the IPS WAN routers:
- 192.168.1.x (source client)
(- 220.127.116.11) (PROXY ARP - VIRTUAL IP)
So I added static routing using connection 192.168.50.0 between routers.
I've added in pfSense router 2:
dest network: 18.104.22.168/24
next hop: 192.168.50.1
And in pfSense router 2:
dest network: 100.100.100.0/24
next hop: 192.168.50.2
On router 1 and router 2 the "Disable reply-to on WAN rules" option is disabled.
I've also added rules on the 192.168.50.0/24 link firewall to permit connections.
And it partially works:
- when I connect from a LAN2 host (e.g. 192.168.1.x) to SERVER1 (22.214.171.124) the connection is made using the 192.168.50.0 link (OK)
- when I connect from server2 (192.168.1.254, VIRTUAL IP: 100.100.100.200) to server1 the connection goes through the IPS WAN routers (NOT THE 192.168.50.0 LINK!)
I think, the problem is the Virtual IP and NAT 1:1?
Does anyone have an idea why I can't connect from server2 to server1 using the local link 192.168.50.0 even if static routing rules are set?
tacfit last edited by
I would think your problem is that both pfsense boxes have networks 192.168.1.x… so packets are being routed to the local subnet, rather than the other one. Maybe I'm off though...
axelp last edited by
Thanks for the answer.
I additionally set up outbound NAT on link 192.168.50.0/24:
- on router 1: outbound nat from 192.168.1.0/24 to any (via interface assigned to 192.168.50.0/24 network - OPT) NAT'ed to 192.168.50.1
- on router 2: outbound nat from 192.168.1.0/24 to any (via interface assigned to 192.168.50.0/24 network - OPT) NAT'ed to 192.168.50.2
And it doesn't work with NAT 1:1…
I can connect to 126.96.36.199:25 from LAN2 only if, in addition to NAT 1:1, I configure a port forward (Firewall->NAT->port forward) to 188.8.131.52:25 (using the Virtual IP)
Any idea how to make NAT 1:1 work in this scenario?