  • I have 3 NICs: WAN, LAN & OPT1.

    I want to be able to route traffic between LAN and OPT1 and have internet access from both OPT1 and LAN.


    Have created the firewall rules on both LAN & OPT to allow any from any.

    It doesn't work….

    From LAN I can ping and get a reply, but if I ping nothing (but if on the network I can ping OK, so the computers are OK and not being blocked by a software firewall).
    From OPT I can ping and get a reply, but if I ping I don't.
    I have internet access from LAN but not from OPT1, but both subnets are doing DHCP OK

    What am I doing that's stupid?????

    Post a screenshot of your FW rules (LAN & OPT1 tabs) & NAT - Outbound, and also your DHCP server settings for LAN & OPT1.

  • Thanks for the reply.

    • Set up the DNS & GW in your DHCP server (LAN & OPT1).

    • Use manual Outbound NAT, and set NAT for:

      • LAN to WAN
      • OPT1 to WAN
      • OPT1 to LAN
      • LAN to OPT1

    • Create FW rules to allow or block traffic for each interface.

  • Many, many thanks for the reply!

    Can you just explain this, please?

    I don't want to do NAT between OPT1 and LAN, I simply want to route the packets….

    The DHCP stuff was OK by default; LAN & OPT1 could both use WAN.

  • You don't have to NAT LAN to OPT, as pfSense should route that so long as a rule exists to allow the traffic. Are your OPT1 subnet computers getting an IP address, and are the DNS and gateway the same as the OPT1 interface id? You will also need to create a rule on LAN to allow OPT1 subnet traffic.

  • Isn't that what I've done with the rules?

  • Yes, but what have you done on the outbound NAT side?

  • As suggested, manual NAT shouldn't be needed in your case, since pfSense should be routing between LAN and OPT1.

    Does the firewall log (Status -> System Logs -> Firewall) show any blocked traffic?

    PS: Your DHCP server settings are somewhat odd, since you defined two whole /16 (64K addresses) nets yet only assign IPs from a 100-address block within them, but it shouldn't hurt…
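    The two points the thread settles (each internal interface needs a pass rule, and outbound NAT is only needed toward WAN, not between LAN and OPT1) can be checked against a pfSense config backup. This is an added audit example, not code from the thread or from pfSense; it assumes the usual config.xml layout (`<filter><rule>` for firewall rules, `<nat><outbound><rule>` for outbound NAT) and uses a constructed sample config.

```python
"""Audit a pfSense-style config.xml for the LAN/OPT1 routing case."""
import xml.etree.ElementTree as ET

# Constructed sample in the assumed shape of pfSense's config.xml.
# It has the pass rules the thread asks for, plus one outbound NAT rule
# on opt1 of the kind the replies say is unnecessary.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule><type>pass</type><interface>lan</interface>
      <source><any/></source><destination><any/></destination></rule>
    <rule><type>pass</type><interface>opt1</interface>
      <source><any/></source><destination><any/></destination></rule>
  </filter>
  <nat><outbound><mode>advanced</mode>
    <rule><interface>wan</interface><source><network>192.168.1.0/24</network></source>
      <destination><any/></destination></rule>
    <rule><interface>wan</interface><source><network>192.168.2.0/24</network></source>
      <destination><any/></destination></rule>
    <rule><interface>opt1</interface><source><network>192.168.1.0/24</network></source>
      <destination><any/></destination></rule>
  </outbound></nat>
</pfsense>"""

INTERNAL_IFACES = {"lan", "opt1"}  # interfaces that should be routed, not NATed


def audit(config_xml, internal=INTERNAL_IFACES):
    """Return human-readable findings for the routed-internal-subnets setup."""
    root = ET.fromstring(config_xml)
    findings = []
    # 1. Without a pass rule on an interface, nothing entering it is allowed,
    #    so LAN<->OPT1 traffic silently dies (check the firewall log).
    for iface in sorted(internal):
        passes = [r for r in root.iterfind("./filter/rule")
                  if r.findtext("interface") == iface and r.findtext("type") == "pass"]
        if not passes:
            findings.append(f"{iface}: no pass rule, inter-subnet traffic will be blocked")
    # 2. Outbound NAT whose egress interface is internal adds nothing:
    #    pfSense routes between directly attached subnets on its own.
    for r in root.iterfind("./nat/outbound/rule"):
        iface = r.findtext("interface")
        if iface in internal:
            findings.append(f"outbound NAT on {iface} from {r.findtext('source/network')}: "
                            "unnecessary, pfSense routes internal subnets without NAT")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```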

  • Yes, DHCP settings are odd, but DHCP is only on for testing purposes. This setup is going to route traffic between two phone systems whose consoles need to talk to each other.

    Ahhh… confession time, I've been a knob, but you chaps have pointed me in the right direction & I'm eternally grateful; it seems to be working now.

