Routing to secondary firewall on LAN interface



  • So I blame this on my complete lack of knowledge of pfSense. But we all start somewhere, right? Anyways, I'm looking for a little help setting up the proper routing. If you look at the attachment you can see how I have my network set up.

    I have a secondary firewall (DDWRT) connected to the LAN interface of my pfSense device. When inside the private subnet I can ping all the way up to the public IP and have no problem accessing the pfSense web config and internet. I cannot go the other direction if I am in the 192.168.1.0 subnet. I'm assuming that pfSense is trying to route traffic out the WAN interface and not down through the 192.168.1.2 address. I have tried setting up routes and gateways with no luck. Does anyone have any suggestions on what I'm doing wrong?

    Ultimately I will want to open ports from WAN that are forwarded down into the private subnet. I will at some point want to host a server or two within the 192.168.1.0 subnet.
    ![Public (1).jpg](/public/imported_attachments/1/Public (1).jpg)



  • What kind of firewall rules do you have, any that may be blocking the traffic?



  • You are double NATing, so your network is behaving as expected. Your DDWRT's WAN is pfSense, so essentially what you are trying to do is access the 192.168.2.0/24 subnet directly over the internet, which is not possible.

    As currently configured, in order to access the 192.168.2.0/24 subnet you would have to set up port forwards on your DDWRT.

    i.e.  if you want to access 192.168.2.10 on port 80, you would connect to 192.168.1.2 on port 80, which would be NAT'd to 192.168.2.10.

    The other option is to convert your DDWRT into a router (instead of a gateway) and configure static routes on both sides. This way pfSense will route 192.168.2.0/24 through 192.168.1.2 and DDWRT will route 192.168.1.0/24 through 192.168.1.1.
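    The two options above can be checked on paper with a small route-lookup model. This is an added example, not code from the thread or from pfSense/DD-WRT; the routing tables and the 192.168.2.10 host are constructed from the topology in the posts, and "isp_gateway" is a placeholder for the unknown ISP next hop.

```python
from ipaddress import ip_address, ip_network

# Constructed routing tables modelling the thread's topology (example data,
# not taken from the forum posts): pfSense LAN = 192.168.1.1, DD-WRT WAN =
# 192.168.1.2, DD-WRT LAN = 192.168.2.0/24. "isp_gateway" is a placeholder.
PFSENSE_NO_STATIC = [
    ("0.0.0.0/0", "WAN", "isp_gateway"),  # default route: anything unknown goes to the ISP
    ("192.168.1.0/24", "LAN", None),      # directly connected, no next hop
]
PFSENSE_WITH_STATIC = PFSENSE_NO_STATIC + [
    ("192.168.2.0/24", "LAN", "192.168.1.2"),  # static route via DD-WRT's WAN address
]
DDWRT_ROUTER_MODE = [
    ("0.0.0.0/0", "WAN", "192.168.1.1"),  # default route back to pfSense
    ("192.168.1.0/24", "WAN", None),      # directly connected on the upstream side
    ("192.168.2.0/24", "LAN", None),      # directly connected private subnet
]
# DD-WRT port forward (gateway mode): (outside address, port) -> (inside address, port)
DDWRT_PORT_FORWARDS = {("192.168.1.2", 80): ("192.168.2.10", 80)}


def lookup(table, dst):
    """Longest-prefix match: the most specific matching prefix wins.
    Returns (egress interface, next hop); next hop None means on-link."""
    addr = ip_address(dst)
    best = None
    for prefix, iface, gw in table:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best[1], best[2]


def round_trip_ok(a_table, b_table, a_to_b, b_to_a, src, dst):
    """True when router A sends src->dst out the interface facing B *and*
    router B sends the reply back out the interface facing A. Firewall rules
    (asked about earlier in the thread) are not modelled; routes alone must line up."""
    fwd_iface, _ = lookup(a_table, dst)
    rev_iface, _ = lookup(b_table, src)
    return fwd_iface == a_to_b and rev_iface == b_to_a


def dnat(forwards, dst_ip, dst_port):
    """Gateway-mode alternative from the thread: a connection to the DD-WRT WAN
    address is translated to the inside host, anything else passes unchanged."""
    return forwards.get((dst_ip, dst_port), (dst_ip, dst_port))
```

Without the static route, `lookup(PFSENSE_NO_STATIC, "192.168.2.10")` resolves to the WAN default route, which is exactly the symptom described in the question; with both static routes in place `round_trip_ok` is satisfied in both directions.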