NAT issue?



  • Here is my problem:

    pfSense WAN interface with a public IP
    pfSense LAN interface 172.16.1.x/24
      The LAN interface is connected to a Cisco router that in turn connects to several 192.168.x.x/24 networks.

    Hosts on the 192.168.x.x/24 networks CAN connect to the pfSense web interface via the web, BUT CANNOT connect to the internet.

    I added a host to the 172.16.1.x/24 network and it connects to the internet just fine.

    Any suggestions?

    Thanks in advance.
    Brian



  • You probably need to add a route to your pfSense box so it knows where to send packets destined for the 192.168.x.x/24 network. On pfSense 2.0, go to System -> Routing, click on the Routes tab, then click on the "+" button to add a new route. (I don't recall the menu path for pfSense 1.2.3.) The new route should give the IP address of the Cisco on the 172.16.1.0/24 network.



  • I already had a static route for 192.168.x.x/16 pointing to 172.16.1.2 (the router's interface).

    In fact, the hosts on 192.168.1.x/24 could not access the pfSense until that was done.

    So I'm looking for other ideas.

    Keep the ideas coming.

    Brian



  • Anything in the firewall log?



  • You can check the firewall log, as suggested, but I think it's probably a default route issue on the Cisco router.



  • I had that same thought. So I checked the routing table and it shows only the 2 networks (directly connected) as expected, and also the default route is pointing out the interface that is connected to the pfSense server. So the routing table looks good. I can attach a screenshot if that helps.



  • To the original poster, just to be clear:

    You have added a route on the Cisco router to the pfSense box and a route on the pfSense box to the Cisco router's subnet and all have the correct metrics and other options specified for the two different entries on the two different devices?

    Just checking…
    Take the best and leave the rest.

    Jon

