One Wan and Multiple LAN - Gateway IP



  • I have Two LAN and One WAN configured. In second LAN configuration, it clearly states that Gateway IP is not required, if there are no multiple WAN configured. If I configure Gateway IP, then nothing works.

    Now my requirement is LAN1 do not trust LAN2 and LAN2 do not trust LAN1. In this circumstances, I do not wish have the traffic mix up…. If I need to specify separate gateway for every LAN i define with one WAN... what should I do ?

    Help please.....



  • Entering a gateway at an interface will add NAT to it by default (unless you enable advanced outbound nat). Don't set a gateway at any of your LANs for the pfSense interface config. You only need firewallrules to prevent the LANs to talk to each other. A rule like this should do the trick:

    At firewall>rules, LAN-tab: pass protocol any, source LAN-subnet, destination NOT LAN2-subnet, gateway default

    At firewall>rules, LAN2-tab: pass protocol any, source LAN2-subnet, destination NOT LAN-subnet, gateway default

    Now both LANs can get out to the internet but not to each other.


Log in to reply