Settings to allow VIP's on LAN to access the internet

  • Good evening,

    I have been reading through the forums for a few hours, and have not found an answer for what I am trying to accomplish. Please bare with me since I am new to the PFSense world and am trying to make this work.

    I have a PfSense box with two NIC's installed. One for the WAN and the second for the LAN. I have assigned the LAN NIC three ip's for the local network subnets:

    My issue is that I am missing the knowledge of some sort of rule to allow all three subnets access to the internet. The first subnet, has no problem connecting to the internet. The other two, which are VIP's, can't connect at all.

    My assumption is that there is some sort of routing rule that I am not defining. If you would be so kind, could you guide me to the settings that I need to make, or to the documentation that talks about how to make this all work? Thank you in advance.

  • For routing multiple subnets on the same LAN, you have to have 3 things. First, is a firewall rule. You must allow traffic originating from these different subnet to connect. The default rule only covers LAN subnet ( i am guessing). Then you need to make sure that if pfSense is not the router for those subnet, then you will need to add the routes to the routers that are the gateways for those subnets. The 3rd thing is NAT. Automatic outbound NAT might work. I use manual outbound NAT with rules specific to each of my subnets. Try the first 2 and then if it still does not work, switch to manual outbound NAT and setup rules for each subnet. The LAN will be created by default so you can copy those rules to the different subnets. (3 rules are created by default, , localhost, and ipsec (port 500) all to the WAN address (, or any)).

  • Thank you so much for your reply, I will be working on this now and let you know the results. I appreciate your time very much. (methinks the PFsense boards needs a "buy me a beer" button)

Log in to reply