FW configuration issue
-
I am having issues getting a configuration to work on the PFSense.
I have two interfaces that I need traffic to communicate through, the LAN interface (192.168.100.3) where a Server (192.168.100.6) sits, and then Isolated interface where I have some "client" machines sitting (192.168.101.x/24). Due to the way the server hands out licenses, I need the client IPs to have a 192.168.101.x/24 address (I also need the traffic from the 192.168.101.x/24 to be isolated except for communication with the server on 3 ports which is why I put those on a separate interface).
The Server consistently sees the "client" devices as 192.168.100.3 (LAN Interface IP) instead of the true IP, also NAT'ing is turned off for the 192.168.101.x/24 network.
The Firewall Logs show only traffic leaving the Isolated interface. A PCAP on the LAN Interface shows traffic going from 192.168.100.6 (server) to 192.168.100.3 (LAN Interface), and a PCAP on the Isolated interface only shows the traffic leaving, no return traffic.
I have implemented the following rules on both interfaces in an attempt to trouble shoot the traffic and got the same results:
192.168.100.6 Any 192.168.101.x/24 Any
192.168.101.x/24 Any 192.168.100.6 AnyAny ideas to help correct this issue?
-
It is doing NAT from "Isolated" to LAN for some reason.
Firewall->NAT, Outbound - is it set to Automatic Outbound NAT?
Is there a gateway set on LAN?
(should not be - if it is then pfSense will be thinking that is a WAN-type interface and make NAT rules to it by default)
Look in /tmp/rules.debug and search for "NAT" - see if there are any NAT rules mentioning NAT to LAN.