Netgate Discussion Forum

    Routing Problem fritzbox <> pfsense

      vanhaakonnen

      Hello,

      I have a PFSense running on an ESXi5 in a dedicated VLAN with a fritzbox 6360. All clients are behind the pfsense firewall. Between the fritzbox and pfsense I use 10.0.0.1 for the fritzbox and 10.0.0.2 for pfsense (this is the WAN interface of pfsense and marked as Exposed Host on the fritzbox).

      As normal LAN I use 192.168.100.x/24 addresses on the pfsense firewall. All clients have the 192.168.100.1 (LAN of pfsense) as default gateway. So I can access from my client (for example 192.168.100.10) the pfsense on LAN (192.168.100.1) and WAN (10.0.0.2) and the fritzbox (10.0.0.1).

      From behind the pfsense everything is fine. WAN and normal LAN are separated in different VLANs.

      If I have another client on the fritzbox network with for example 10.0.0.5 I can access the fritzbox and WAN interface of pfsense but I can't access the 192.168.100.x network behind pfsense.

      I configured a simple IPv4 route on the fritzbox like network=192.168.100.0 netmask=255.255.255.0 gateway=10.0.0.2. But I can't get on the 192.168.100.x IPs.

      What is wrong there?  :-\

      Thanks

      VanHaakonnen

        marcelloc

        I think the problem is that you configured pfsense to do NAT between the 10.x network and 192.x.

        Disable NAT and test again.

        Also check your wan rules.

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

          vanhaakonnen

          Thanks!

          I disabled NAT and added a firewall rule for the WAN interface. Now I can access clients from both networks:
          Proto * | Source WAN set | Port * | Destination LAN set | Port * | Gateway * | …

          The clients in the 10.x.x.x and 192.x.x.x networks should talk to each other without any firewall rule. But the "real" WAN (internet) also comes from 10.0.0.1 (fritzbox). Is this rule a good idea?

            marcelloc

            This way pfSense is acting just like a router, without rules.

            You can specify some rules on WAN to protect only 192.x.x.x, as the internet can reach 10.x.x.x without passing through pfSense.

              Nachtfalke

              @vanhaakonnen:

              Thanks!

              I disabled NAT and added a firewall rule for the WAN interface. Now I can access clients from both networks:
              Proto * | Source WAN set | Port * | Destination LAN set | Port * | Gateway * | …

              The clients in the 10.x.x.x and 192.x.x.x networks should talk to each other without any firewall rule. But the "real" WAN (internet) also comes from 10.0.0.1 (fritzbox). Is this rule a good idea?

              I think you are right.

              Internet----fritzbox--------pfsense------LAN

              When you set a rule like this on the pfsense interface which is connected to the fritzbox, then traffic FROM the Internet is blocked but traffic from the network between fritzbox and pfsense is allowed:

              Source port: any
              source ip: WAN subnet
              destination IP: any
              destination port: any

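Added example (not part of the original thread, and not pfSense code): a small Python model of first-match rule evaluation on the pfSense WAN interface with NAT disabled, comparing the two pass rules posted above. The /24 prefix for the 10.0.0.x network and the internet host 203.0.113.7 are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# The thread gives 192.168.100.x/24 for the LAN; /24 for the 10.0.0.x
# network between fritzbox and pfSense is an assumption.
WAN_NET = ip_network("10.0.0.0/24")
LAN_NET = ip_network("192.168.100.0/24")
ANY = ip_network("0.0.0.0/0")

# Each rule: (action, source network, destination network); first match wins.
RULE_DST_ANY = [("pass", WAN_NET, ANY)]      # source WAN subnet, destination any
RULE_DST_LAN = [("pass", WAN_NET, LAN_NET)]  # source WAN subnet, destination LAN


def evaluate(rules, src, dst):
    """Return the action for a new connection arriving on the WAN interface."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # nothing matched: inbound traffic is denied by default


# Constructed sample connections (203.0.113.7 is a documentation address
# standing in for an internet host that keeps its public source address).
SAMPLES = {
    "fritzbox-side client to LAN host": ("10.0.0.5", "192.168.100.10"),
    "fritzbox-side client to pfSense WAN address": ("10.0.0.5", "10.0.0.2"),
    "internet host via exposed host": ("203.0.113.7", "10.0.0.2"),
    "internet host aimed at LAN": ("203.0.113.7", "192.168.100.10"),
}


def compare():
    """Map each sample to (result with dst any, result with dst LAN)."""
    return {name: (evaluate(RULE_DST_ANY, *pkt), evaluate(RULE_DST_LAN, *pkt))
            for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (dst_any, dst_lan) in compare().items():
        print(f"{name:45} dst=any: {dst_any:5}  dst=LAN: {dst_lan}")
```

Both rules keep internet sources out, but the destination-any variant also lets hosts in the fritzbox network reach pfSense's own WAN address, while the destination-LAN variant does not.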
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.