Sharing internet through opt interface


  • I have set up a load-balancing server, and computers connected on opt1 can connect to my computers on lan. The problem is that opt1 isn't an internet gateway, just to lan.

    Network topology
    http://www.xs4all.nl/~vvnb/net.png

    pfsense
    wan 83.161..
    lan 172.0.1.0/24
    opt 172.0.0.0/24
    (I will change it to 172.16 someday)

    So how can I get computers on opt1 on the internet through the load-balancing server? I had some ideas, but they didn't work.


  • You'll need to create outgoing NAT WAN rules, so that OPT1 can get to the internet. Then create access rules allowing OPT1 to the WAN (or Load Balancer). That's pretty much it.


  • Also make sure you're using 1.2b1, it fixes lots of bugs in this area.


  • To get computer2 to use the load balancer - on computer2 I would TRY to have pfsense as the gateway … no idea if this would work though.


  • You'll need to create outgoing NAT WAN rules, so that OPT1 can get to the internet. Then create access rules allowing OPT1 to the WAN (or Load Balancer). That's pretty much it.

    Could you be a bit more specific opt1 to ??

    also make sure you're using 1.2b1, it fixes lots of bugs in this area.

    I'm running 1.2-BETA-1-PRERELEASE-SNAPSHOT-04-23-07


  • I'd recommend 1.2 Beta 1, no snapshots… seems a little stabler. (You'll need to go to the mirrors site to get this, not the snapshot server.)

    @eddie4:

    Could you be a bit more specific opt1 to ??

    You need outgoing NAT rules for any network that reaches the internet, it's a basic principle as the firewall is hiding your computers from the internet. Go to NAT, outgoing NAT. You need to create a rule for each WAN interface you have, and specify the subnet network that will be connecting to it. There's not many options, it's pretty simple.

    I've got 2 WANs and 2 LANs, so I have 4 outgoing NAT rules. Each LAN needs a rule for each WAN connection. Make sense?


  • @tacfit:

    You need outgoing NAT rules for any network that reaches the internet, it's a basic principle as the firewall is hiding your computers from the internet. Go to NAT, outgoing NAT. You need to create a rule for each WAN interface you have, and specify the subnet network that will be connecting to it. There's not many options, it's pretty simple.

    This is usually not needed unless you use advanced outbound NAT for something special (like CARP or static ports). By default pfSense will NAT on any interface with a gateway. You only should need firewall rules at OPT1 allowing traffic to pass and maybe a DHCP server to make client configuration easier.

    I suggest showing us your OPT1 interface configuration and your OPT1 firewall rules.


  • my settings