    Routing to secondary firewall on LAN interface

    Routing and Multi WAN
      codeblue2k last edited by

      So I blame this on my complete lack of knowledge of pfSense. But we all start somewhere, right? Anyways, I'm looking for a little help setting up the proper routing. If you look at the attachment you can see how I have my network set up.

      I have a secondary firewall (DDWRT) connected to the LAN interface of my pfSense device. When inside the private subnet I can ping all the way up to the public IP and have no problem accessing the pfSense web config and internet. I cannot go the other direction if I am in the 192.168.1.0 subnet. I'm assuming that pfSense is trying to route traffic out the WAN interface and not down through the 192.168.1.2 address. I have tried setting up routes and gateways with no luck. Does anyone have any suggestions on what I'm doing wrong?

      Ultimately I will want to open ports from WAN that are forwarded down into the private subnet. I will at some point want to host a server or two within the 192.168.1.0 subnet.
      ![Public (1).jpg](/public/imported_attachments/1/Public (1).jpg)

        SysIT last edited by

        What kind of firewall rules do you have, any that may be blocking the traffic?

          marvosa last edited by

          You are double NAT'ing, so your network is behaving as expected. Your DDWRT's WAN is pfSense, so essentially what you are trying to do is access the 192.168.2.0/24 subnet directly over the internet, which is not possible.

          As currently configured, in order to access the 192.168.2.0/24 subnet you would have to set up port forwards on your DDWRT.

          i.e. if you want to access 192.168.2.10 on port 80, you would connect to 192.168.1.2 on port 80, which would be NAT'd to 192.168.2.10.

          The other option is to convert your DDWRT into a router (instead of a gateway) and configure static routes on both sides. This way pfSense will route 192.168.2.0/24 through 192.168.1.2 and DDWRT will route 192.168.1.0/24 through 192.168.1.1.

          1 Reply Last reply Reply Quote 0
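The routed (non-NAT) option from the last reply, modelled as an added example that is not part of any post in this thread: a longest-prefix-match lookup over constructed route tables shows where pfSense sends traffic for 192.168.2.10 before and after the static route exists. The addresses come from the thread; the `wan-gw` label, the table layout and the function names are assumptions.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def next_hop(table, dst):
    """Return the next hop of the most specific route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, hop)
    return best[1] if best else None

# Constructed route tables. "direct" means the subnet is on a local interface;
# "wan-gw" is a placeholder for the upstream gateway on the pfSense WAN side.
PFSENSE_BEFORE = [(net("0.0.0.0/0"), "wan-gw"),
                  (net("192.168.1.0/24"), "direct")]
# Static route added on pfSense: 192.168.2.0/24 via the DD-WRT WAN address.
PFSENSE_AFTER = PFSENSE_BEFORE + [(net("192.168.2.0/24"), "192.168.1.2")]
# DD-WRT in router mode (no NAT): both subnets are connected, default via pfSense.
DDWRT_ROUTER = [(net("192.168.2.0/24"), "direct"),
                (net("192.168.1.0/24"), "direct"),
                (net("0.0.0.0/0"), "192.168.1.1")]

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from router `start` until delivery, WAN exit, or a dead end."""
    path, here = [start], start
    for _ in range(max_hops):
        hop = next_hop(routers[here], dst)
        if hop is None:
            path.append("unreachable")
            return path
        if hop == "direct":
            path.append(dst)
            return path
        path.append(hop)
        if hop not in routers:  # left the modelled network (e.g. out the WAN)
            return path
        here = hop
    return path

BEFORE = {"192.168.1.1": PFSENSE_BEFORE, "192.168.1.2": DDWRT_ROUTER}
AFTER = {"192.168.1.1": PFSENSE_AFTER, "192.168.1.2": DDWRT_ROUTER}

if __name__ == "__main__":
    print("before:", " -> ".join(trace(BEFORE, "192.168.1.1", "192.168.2.10")))
    print("after: ", " -> ".join(trace(AFTER, "192.168.1.1", "192.168.2.10")))
```

Without the static route the only match for 192.168.2.10 on pfSense is the default route, so the packet leaves via the WAN; with it, the more specific /24 wins and the packet is handed to 192.168.1.2.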