Netgate Discussion Forum
    Routing to secondary firewall on LAN interface

    • codeblue2k

      So I blame this on my complete lack of knowledge of pfSense. But we all start somewhere, right? Anyways, I'm looking for a little help getting up the proper routing. If you look at the attachment you can see how I have my network set up.

      I have a secondary firewall (DDWRT) connected to the LAN interface of my pfSense device. When inside the private subnet I can ping all the way up to the public IP and have no problem accessing the pfSense web config and internet. I cannot go the other direction if I am in the 192.168.1.0 subnet. I'm assuming that pfSense is trying to route traffic out the WAN interface and not down through the 192.168.1.2 address. I have tried setting up routes and gateways with no luck. Does anyone have any suggestions on what I'm doing wrong?

      Ultimately I will want to open ports from WAN that are forwarded down into the private subnet. I will at some point want to host a server or two within the 192.168.1.0 subnet.
      ![Public (1).jpg](/public/imported_attachments/1/Public (1).jpg)

      • SysIT

        What kind of firewall rules do you have, any that may be blocking the traffic?

        ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
        ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
        ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

        • marvosa

          You are double NAT'ing, so your network is behaving as expected. Your DDWRT's WAN is pfSense, so essentially what you are trying to do is access the 192.168.2.0/24 subnet directly over the internet, which is not possible.

          As currently configured, in order to access the 192.168.2.0/24 subnet you would have to set up port forwards on your DDWRT.

          i.e., if you want to access 192.168.2.10 on port 80, you would connect to 192.168.1.2 on port 80, which would be NAT'd to 192.168.2.10.

          The other option is to convert your DDWRT into a router (instead of a gateway) and configure static routes on both sides. This way pfSense will route 192.168.2.0/24 through 192.168.1.2 and DDWRT will route 192.168.1.0/24 through 192.168.1.1.

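The two options in marvosa's answer, modelled as an added example (not code from the thread, pfSense or DD-WRT): a longest-prefix-match lookup over pfSense's routing table shows where a packet for 192.168.2.10 goes with and without the static route, and a small table stands in for the DD-WRT port forward. The table layout, the `WAN_GW` placeholder and the interface names are assumptions made for the illustration.

```python
import ipaddress

def route(prefix, gateway, iface):
    """One routing-table entry; gateway None means directly connected."""
    return (ipaddress.ip_network(prefix), gateway, iface)

def lookup(table, dst):
    """Longest-prefix match, as a router does: return (gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    _, gateway, iface = max(hits, key=lambda r: r[0].prefixlen)
    return gateway, iface

# pfSense as the thread describes it: LAN is 192.168.1.0/24, everything
# else follows the default route. "WAN_GW" is a placeholder name.
PFSENSE = [
    route("0.0.0.0/0", "WAN_GW", "wan"),
    route("192.168.1.0/24", None, "lan"),
]
# Second option in the answer: static route for the inner subnet via DD-WRT.
PFSENSE_ROUTED = PFSENSE + [route("192.168.2.0/24", "192.168.1.2", "lan")]

# First option in the answer: DD-WRT keeps NAT and forwards a port.
# Key is (address, port) on DD-WRT's WAN side, value is the inner host.
DDWRT_FORWARDS = {("192.168.1.2", 80): ("192.168.2.10", 80)}

def dnat(forwards, dst, port):
    """Return the inner (address, port) a forwarded connection reaches."""
    return forwards.get((dst, port))

def reachable_from_lan(table, forwards, dst, port):
    """What happens when a 192.168.1.0/24 host opens dst:port via pfSense."""
    inner = dnat(forwards, dst, port)
    if inner:
        return "port forward on DD-WRT -> %s:%d" % inner
    hop = lookup(table, dst)
    if hop is None:
        return "no route"
    gateway, iface = hop
    if iface != "lan":
        return "sent out %s, never reaches DD-WRT" % iface
    return "routed via %s" % gateway if gateway else "directly connected"

if __name__ == "__main__":
    for name, table in (("default", PFSENSE), ("static", PFSENSE_ROUTED)):
        print(name, "->", reachable_from_lan(table, {}, "192.168.2.10", 80))
    print("NAT ->", reachable_from_lan(PFSENSE, DDWRT_FORWARDS, "192.168.1.2", 80))
```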