PfSense as a gateway and router
-
Hi guys,
I ran into a problem where I feel like it's easy to fix, but I'm just missing something. This is what I'm trying to accomplish:
We currently have two firewalls, a Firebox and a pfSense box. Both of these firewalls have the necessary rules for external access. We've been having issues with one of our lines lately, so what we'd like to do is have both lines connect to a third firewall (labeled below as pfSense), that has a multiwan config. I don't want this firewall to have any rules on it, and just have it be used as the static route of Firewall1 and Firewall2.
The internal address of Firewall1 is 172.16.1.1/24.
The internal address of Firewall2 is 172.16.2.1/24. I plan to have the WAN and OPT interfaces of the pfSense box be 172.16.1.2 and 172.16.2.2. The internal address of pfSense is a 10/8 address.
I didn't try multiwan because I wanted to try an interface at a time. With a single interface, I am able to access the internet with pfSense as the gateway, but Firewall1 cannot ping inside to access any 10/8 machines (with the static route setup properly). It is evident that pfSense is blocking this access (bogon networks are allowed, and the default firewall rules are deleted), but I cannot find how to allow this access. Even with the firewall turned completely off I cannot ping an internal computer.
I performed a test where I gave the LAN iface a 172.16.1.0/24 address and WAN a 10/8 address, but the reverse happened; I could ping internal computers but could not access the internet or anything.
Here is a rough diagram of my intended setup:
    T1                T1
    |                 |
Firewall1         Firewall2
     \               /
      \... pfSense .../
            |
            |
   ..........................
   |           |            |
Server1     Server2 ...  Server15

Any tips on this?
-
did you also disable that setting "Block private networks" on WAN?
-
did you also disable that setting "Block private networks" on WAN?
Yes, it's disabled, and I confirmed that 172…. addresses go through to the WAN interface.
-
how did you disable the firewall? as you write it it sounds a bit like: "no rules = no firewall"
you can disable the firewall completely under "advanced" with "Disable the firewall's filter altogether."
do you see in the logs that the access is blocked?
-
how did you disable the firewall? as you write it it sounds a bit like: "no rules = no firewall"
you can disable the firewall completely under "advanced" with "Disable the firewall's filter altogether."
do you see in the logs that the access is blocked?
Sorry for not being clearer. I disabled the firewall from under "advanced". In the logs or through pftop (if I remember correctly; I will try again shortly), I could not see any mention of a blocked request.