Netgate Discussion Forum

Routing Problem fritzbox <> pfsense

  • V
    vanhaakonnen
    last edited by Jan 28, 2012, 4:10 PM

    Hello,

    I have a PFSense running on an ESXi5 in a dedicated VLAN with a fritzbox 6360. All clients are behind the pfsense firewall. Between the fritzbox and pfsense I use 10.0.0.1 for the fritzbox and 10.0.0.2 for pfsense (this is the WAN-Interface of pfsense and marked as Exposed Host on the fritzbox).

    As normal LAN I use 192.168.100.x/24 addresses on the pfsense firewall. All clients have the 192.168.100.1 (lan of pfsense) as default gateway. So I can access from my client (for example 192.168.100.10) the pfsense on lan (192.168.100.1) and wan (10.0.0.2) and the fritzbox (10.0.0.1).

    From behind the pfsense everything is fine. WAN and normal lan are separated in different vlans.

    If I have another client on the fritzbox network with for example 10.0.0.5 I can access the fritzbox and WAN-Interface of pfsense but I can't access the 192.168.100.x network behind pfsense.

    I configured a simple ipv4 route on the fritzbox like network=192.168.100.0 netmask=255.255.255.0 gateway=10.0.0.2. But I can't get on the 192.168.100.x ips.

    What is wrong there?  :-\

    Thanks

    VanHaakonnen

    • M
      marcelloc
      last edited by Jan 28, 2012, 4:30 PM

      I think the problem is that you configured pfsense to do nat between 10.x network and 192.x.

      Disable nat and test again.

      Also check your wan rules.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      • V
        vanhaakonnen
        last edited by Jan 28, 2012, 4:47 PM

        Thanks!

        I disabled NAT and added a firewall rule for the wan interface. Now I can access clients from both networks:
        Proto * | Source WAN set | Port * | Destination LAN set | Port * | Gateway * | …

        The clients in the 10.x.x.x and 192.x.x.x network should talk without any firewall rule to each other. But the "real" wan (internet) comes also from a 10.0.0.1 (Fritzbox). Is this rule a good idea?

        • M
          marcelloc
          last edited by Jan 29, 2012, 1:09 PM

          This way pfSense is acting just like a router, without rules.

          You can specify some rules on wan to protect only 192.x.x.x as internet can reach 10.x.x.x without passing through pfSense.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          • N
            Nachtfalke
            last edited by Jan 29, 2012, 6:10 PM

            @vanhaakonnen:

            Thanks!

            I disabled NAT and added a firewall rule for the wan interface. Now I can access clients from both networks:
            Proto * | Source WAN set | Port * | Destination LAN set | Port * | Gateway * | …

            The clients in the 10.x.x.x and 192.x.x.x network should talk without any firewall rule to each other. But the "real" wan (internet) comes also from a 10.0.0.1 (Fritzbox). Is this rule a good idea?

            I think you are right.

            Internet---fritzbox--------pfsense------LAN

            When you set a rule like this on the pfsense interface which is connected to the fritzbox, then traffic FROM the Internet is blocked but traffic from the network between fritzbox and pfsense is allowed:

            Source port: any
            source ip: WAN subnet
            destination IP: any
            destination port: any

            1 Reply Last reply Reply Quote 0
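
Added example (not part of the original thread and not pfSense code): a small Python model of the WAN rule variants discussed above, evaluated first-match against constructed packets. It assumes the WAN subnet is 10.0.0.0/24 (the thread only names 10.0.0.1, 10.0.0.2 and 10.0.0.5), that unmatched inbound traffic is blocked by default, and that traffic the Fritzbox forwards as Exposed Host keeps its original public source address; 203.0.113.7 is a documentation address standing in for an Internet host.

```python
import ipaddress as ip

WAN_NET = ip.ip_network("10.0.0.0/24")       # assumed prefix length
LAN_NET = ip.ip_network("192.168.100.0/24")  # LAN from the thread
ANY = ip.ip_network("0.0.0.0/0")

# Rule variants for the pfSense WAN interface: (action, source, destination)
RULESETS = {
    "vanhaakonnen: WAN net -> LAN net": [("pass", WAN_NET, LAN_NET)],
    "Nachtfalke: WAN net -> any": [("pass", WAN_NET, ANY)],
    "no filtering: any -> any": [("pass", ANY, ANY)],
}

# Constructed packets arriving on the pfSense WAN interface: (label, src, dst)
PACKETS = [
    ("transfer-net client to LAN host", "10.0.0.5", "192.168.100.10"),
    ("transfer-net client to pfSense WAN", "10.0.0.5", "10.0.0.2"),
    ("Internet host via Exposed Host", "203.0.113.7", "10.0.0.2"),
    ("Fritzbox itself to LAN host", "10.0.0.1", "192.168.100.10"),
]

def evaluate(rules, src, dst):
    """First matching rule wins; anything unmatched is blocked."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "block"

def verdicts(name):
    """Verdict per constructed packet for the named rule variant."""
    return {label: evaluate(RULESETS[name], src, dst)
            for label, src, dst in PACKETS}

if __name__ == "__main__":
    for name in RULESETS:
        print(name)
        for label, verdict in verdicts(name).items():
            print(f"  {verdict:5}  {label}")
```

Both source-restricted variants block the Internet-sourced packet; they differ only in whether hosts on the 10.0.0.x network may also reach destinations other than the LAN, such as pfSense's own WAN address.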