Traffic blocked for 2nd LAN

  • Hello,

    I have a PFsense machine with 3 NIC's, 1 as WAN, 1 as LAN ( and another as OPT1. This last NIC is for me another LAN (exactely

    I have setted this rules for Firewall->LAN
    Proto    Source              Port        Destination    Port    Gateway
    TCP    *              *                *        Default

    in Firewall: NAT: Outbound I have write this:
    Interface      Source              Source Port      Destination    Destination Port    Nat Address    Nat port    Static Port
    WAN          *                    *                    *                      *                *              NO

    Well. In this situation my host in LAN network can go to Internet.

    The problem birth when I create this rules for OPT1 (my 2nd LAN).
    I have created same rules for OPT1 (with the correct address) BUT my host in OPT1 network can't go to internet!!!

    What I can do  ??? ??? ??? ?

    thanks in advance.

  • As you seem to use advanced outbound NAT create a NAT rule for the OPT1 subnet too. Also it seems that you only allow protocol TCP at LAN. You should use protocol ANY as you probably need ICMP, UDP for DNS and so on. I would start with any any any to any rules at LAN and OPT1 and disable advanced outbound nat (if it'S disable pfSense will do NAT at every interface that has a gateway set.

  • I have changed TCP with any.

    But I don't can disable "enable advanced outbound NAT" (webGUI don't permit to disable) then I have try to delete NAT Outbound rules BUT  in this case nobody network can exit to Internet.

    where I mistake?

  • Switch to IPSEC passthrough, it's the option that disables advanced outbound nat.

  • OK  :D

    but my 2nd LAN don't exit to Internet.

    moreover I don't succeed to ping from PFSense machine to any host in 2nd LAN. The ping answer with "Host is down" and this is IMPOSSIBLE!!!

    I think I lost the control  :-[

    I hope in your help.

  • It should still work this way. Make sure all clients at LAN and OPT1 use the correct gateway and have valid IP configuration.

Log in to reply