Multiple LAN interfaces

  • Hi to you all,

    I have a hardware that have 5 NICs in it. 2 of them are used for multi-WAN but at the moment we only use one of them. The other 3 runs different LANs.

    All three are running different subnets. The first use
    The second use
    And the third use

    One of the LAN interfaces ( are up and running, no problem what so ever, all servers behind it runs on static IPs

    The second one ( is running a DHCP and the clients get the address but they can't reach the internet. I'm currently only using one WAN and that one is set to be Default Gateway.

    The computers on the second LAN( interface can reach pfsense via https and they can ping it but they can't reach the internet.
    I have checked and double-checked the firewall-rules. I have only one rule on that interface and that a "allow to any".

    I've read something about Advanced outbound NAT, I've tried to check that box but I don't understand the rule-settings for that option. Is the AoN the issue at all?

    Can someone please help me with this?

    Best regards

    Johan Skott

  • Can you show a screenshot of all your rules?

  • It sounds like your second network ( might not be getting translated via NAT when exiting the WAN port.  You can verify your default gateway is working on that subnet by pinging any of the servers on your other private network connected to pfSense.  If those pings are successful, that verifies that your second network is able to route to and through the default gateway (the pfSense box itself.)

    From what I've read and experienced from using it, pfSense should automatically NAT all LAN-type interfaces to the WAN port IP address.  You mentioned having two WAN ports, but that you're not using the one.  Is it disabled?  If not, try disabling it and see if you can get out to the Net from your private network then.  It's possible that pfSense might just be getting confused.

    It's also possible that for some reason pfSense is just not NATing the traffic from your second LAN interface.  You can use the Advanced outbound NAT to force that network to be translated via the WAN IP.

    I've attached an image to this post, if you setup AoN using those settings, it should (in theory) work.

    To shed some light on the situation, the main reason you'd use AoN is if you've got a LOT of internal users, more than can be used by a single WAN IP, you can use AoN to spread the translations among several public IP addresses.  You can also use the AoN if you just want to setup all your NAT rules by hand, rather than let pfSense do it for you.

    On a last note, if you do try the settings below and they get your 2nd LAN onto the Net, but you find that the 1st LAN no longer can, it's probably because you'll need to add another rule just like the one in the image but replacing the 2nd LAN subnet address with the 1st LAN subnet address.  (I'm not sure if turning on AoN for one subnet automatically disables Automatic NAT for ALL interfaces, or only for the one specified.)

    In any case, just take screenshots of the screen before you make changes, then you can see what it was like beforehand if you need to revert it back to its original state.

Log in to reply