FW configuration issue



  • I am having issues getting a configuration to work on the PFSense.

    I have two interfaces that I need traffic to communicate through, the LAN interface (192.168.100.3) where a Server (192.168.100.6) sits, and then Isolated interface where I have some "client" machines sitting (192.168.101.x/24). Due to the way the server hands out licenses, I need the client IPs to have a 192.168.101.x/24 address (I also need the traffic from the 192.168.101.x/24 to be isolated except for communication with the server on 3 ports which is why I put those on a separate interface).

    The Server consistently sees the "client" devices as 192.168.100.3 (LAN Interface IP) instead of the true IP, also NAT'ing is turned off for the 192.168.101.x/24 network.

    The Firewall Logs show only traffic leaving the Isolated interface.  A PCAP on the LAN Interface shows traffic going from 192.168.100.6 (server) to 192.168.100.3 (LAN Interface), and a PCAP on the Isolated interface only shows the traffic leaving, no return traffic.

    I have implemented the following rules on both interfaces in an attempt to trouble shoot the traffic and got the same results:
    192.168.100.6 Any 192.168.101.x/24 Any
    192.168.101.x/24 Any 192.168.100.6 Any

    Any ideas to help correct this issue?



  • It is doing NAT from "Isolated" to LAN for some reason.
    Firewall->NAT, Outbound - is it set to Automatic Outbound NAT?
    Is there a gateway set on LAN?
    (should not be - if it is then pfSense will be thinking that is a WAN-type interface and make NAT rules to it by default)
    Look in /tmp/rules.debug and search for "NAT" - see if there are any NAT rules mentioning NAT to LAN.


Log in to reply