Routing to secondary firewall on LAN interface

  • So I blame this on my complete lack of knowledge of pfSense. But we all start somewhere, right? Anyways, I'm looking for a little help setting up the proper routing. If you look at the attachment you can see how I have my network set up.

    I have a secondary firewall (DDWRT) connected to the LAN interface of my pfSense device. When inside the private subnet I can ping all the way up to the public IP and have no problem accessing the pfSense web config and internet. I cannot go the other direction if I am in the subnet. I'm assuming that pfSense is trying to route traffic out the WAN interface and not down through the address. I have tried setting up routes and gateways with no luck. Does anyone have any suggestions on what I'm doing wrong?

    Ultimately I will want to open ports from WAN that are forwarded down into the private subnet. I will at some point want to host a server or two within the subnet.
    ![Public (1).jpg](/public/imported_attachments/1/Public (1).jpg)

  • What kind of firewall rules do you have, any that may be blocking the traffic?

  • You are double NAT'ing, so your network is behaving as expected. Your DDWRT's WAN is pfSense, so essentially what you are trying to do is access the subnet directly over the internet, which is not possible.

    As currently configured, in order to access the subnet you would have to set up port forwards on your DDWRT.

    i.e.  if you want to access on port 80, you would connect to on port 80, which would be NAT'd to

    The other option is to convert your DDWRT into a router (instead of a gateway) and configure static routes on both sides. This way pfSense will route through and DDWRT will route through

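Added example, not part of the thread: a small Python model of the two options in the last reply, tracing a new connection from a host on the pfSense LAN toward the subnet behind DD-WRT in gateway (NAT) mode and in router mode. The addresses 192.168.1.0/24, 192.168.1.2 and 10.0.0.0/24 are constructed assumptions (the thread's own addresses are not shown), and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses (assumptions): the thread's real addresses are not shown.
PFSENSE_LAN = ipaddress.ip_network("192.168.1.0/24")  # pfSense LAN
DDWRT_WAN_IP = ipaddress.ip_address("192.168.1.2")    # DD-WRT WAN port, on pfSense LAN
INNER_LAN = ipaddress.ip_network("10.0.0.0/24")       # private subnet behind DD-WRT


def pfsense_next_hop(dst, static_routes):
    """Where a packet from a pfSense LAN host goes: on-link, a static route, or WAN."""
    if dst in PFSENSE_LAN:
        return "on-link"
    matches = [(net, gw) for net, gw in static_routes.items() if dst in net]
    if matches:  # longest prefix wins
        return max(matches, key=lambda m: m[0].prefixlen)[1]
    return "wan-default"


def ddwrt_deliver(dst, port, mode, port_forwards):
    """What DD-WRT does with a new connection arriving on its WAN port."""
    if mode == "gateway":  # NAT on: only forwarded ports on the WAN IP get in
        return port_forwards.get(port) if dst == DDWRT_WAN_IP else None
    # router mode: no NAT, only inner-subnet destinations are forwarded
    return str(dst) if dst in INNER_LAN else None


def reach(dst, port, mode, static_routes=None, port_forwards=None):
    """Trace a new connection from a pfSense LAN host to dst:port."""
    dst = ipaddress.ip_address(dst)
    hop = pfsense_next_hop(dst, static_routes or {})
    if hop == "wan-default":
        return "lost: pfSense sends it out the WAN default route"
    if hop == "on-link" and dst != DDWRT_WAN_IP:
        return "stays on pfSense LAN"
    target = ddwrt_deliver(dst, port, mode, port_forwards or {})
    return f"delivered to {target}" if target else "not forwarded by DD-WRT"


if __name__ == "__main__":
    route = {INNER_LAN: DDWRT_WAN_IP}
    fwd = {80: "10.0.0.10"}
    print(reach("10.0.0.10", 80, "gateway"))
    print(reach("192.168.1.2", 80, "gateway", port_forwards=fwd))
    print(reach("10.0.0.10", 80, "router", static_routes=route))
```

The model covers only the forward path; replies in router mode are assumed to return via DD-WRT's default route toward pfSense.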