Netgate Discussion Forum
    FW configuration issue

      jmrvnr

      I am having issues getting a configuration to work on pfSense.

      I have two interfaces that I need traffic to communicate through: the LAN interface (192.168.100.3), where a server (192.168.100.6) sits, and the Isolated interface, where I have some "client" machines sitting (192.168.101.x/24). Due to the way the server hands out licenses, I need the client IPs to have a 192.168.101.x/24 address (I also need the traffic from 192.168.101.x/24 to be isolated except for communication with the server on 3 ports, which is why I put those on a separate interface).

      The server consistently sees the "client" devices as 192.168.100.3 (LAN interface IP) instead of the true IP. Also, NAT'ing is turned off for the 192.168.101.x/24 network.

      The Firewall Logs show only traffic leaving the Isolated interface.  A PCAP on the LAN Interface shows traffic going from 192.168.100.6 (server) to 192.168.100.3 (LAN Interface), and a PCAP on the Isolated interface only shows the traffic leaving, no return traffic.

      I have implemented the following rules on both interfaces in an attempt to troubleshoot the traffic and got the same results:
      192.168.100.6 Any 192.168.101.x/24 Any
      192.168.101.x/24 Any 192.168.100.6 Any

      Any ideas to help correct this issue?

        phil.davis

        It is doing NAT from "Isolated" to LAN for some reason.
        Firewall->NAT, Outbound - is it set to Automatic Outbound NAT?
        Is there a gateway set on LAN?
        (should not be - if it is then pfSense will be thinking that is a WAN-type interface and make NAT rules to it by default)
        Look in /tmp/rules.debug and search for "NAT" - see if there are any NAT rules mentioning NAT to LAN.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
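
The last check in the reply above, searching /tmp/rules.debug for NAT rules that translate onto LAN, can be scripted as follows. This is an added example, not part of either post: the sample ruleset, the em0/em1/em2 device names and the ISOLATED macro name are constructed, and the macro layout (`LAN = "{ em1 }"`, `nat on $LAN ... from $tonatsubnets`) is an assumption about how the file is written.

```shell
#!/bin/sh
# Added example. The sample ruleset is constructed, not from a real firewall.
# Assumes interface macros such as LAN = "{ em1 }" and rules of the form
# "nat on $LAN ... from $tonatsubnets ... -> addr".

# nat_rules_on FILE IFMACRO: print each active "nat on $IFMACRO" rule with the
# source macro expanded, so the NATed subnets are visible on one line.
nat_rules_on() {
    awk -v ifname="$2" '
        # Record macro definitions of the form: name = "value"
        /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=[ \t]*"/ {
            name = $0; sub(/[ \t]*=.*/, "", name)
            val = $0;  sub(/^[^"]*"/, "", val); sub(/".*$/, "", val)
            macro[name] = val
            next
        }
        # Comment lines never match: their first field starts with "#"
        $1 == "nat" && $2 == "on" && $3 == "$" ifname {
            for (i = 1; i < NF; i++)
                if ($i == "from" && substr($(i + 1), 1, 1) == "$") {
                    m = substr($(i + 1), 2)
                    if (m in macro) $(i + 1) = macro[m]
                }
            print
        }
    ' "$1"
}

# nat_hits FILE IFMACRO SUBNET: succeed (and print the matching rules) when a
# NAT rule on that interface covers SUBNET.
nat_hits() {
    nat_rules_on "$1" "$2" | grep -F -- "$3"
}

# Constructed sample: automatic outbound NAT that treats LAN as WAN-type.
write_sample() {
    cat > "$1" <<'EOF'
WAN = "{ em0 }"
LAN = "{ em1 }"
ISOLATED = "{ em2 }"
# Outbound NAT rules (automatic)
tonatsubnets = "{ 127.0.0.0/8 192.168.100.0/24 192.168.101.0/24 }"
nat on $WAN inet from $tonatsubnets to any -> 203.0.113.2/32 port 1024:65535
nat on $LAN inet from $tonatsubnets to any -> 192.168.100.3/32 port 1024:65535
EOF
}

sample=$(mktemp); write_sample "$sample"
nat_hits "$sample" LAN 192.168.101.0/24 && echo "isolated subnet is NATed out LAN"
rm -f "$sample"
```

On the firewall, run `nat_hits /tmp/rules.debug LAN 192.168.101.0/24`; any rule it prints translates the client subnet to the LAN address, which matches the symptom of the server seeing 192.168.100.3.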

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.