Static route on WAN



  • I am having problems creating a static route on the WAN side of a pfSense firewall that is connected to two routers.

    The pfsense firewall is called PFFirewall.

    The LAN of my PFFirewall is set at 192.168.200.0/24.  NAT is enabled.

    The WAN of my PFFirewall (at 192.168.201.2) is connected to:
        InternetRouter (192.168.201.1)
        OtherRouter (192.168.201.4).
    Behind OtherRouter is the network 192.168.202.0/24.

    PFFirewall has two WAN Gateways defined:
      192.168.201.1, Default
      192.168.201.4

    I have created a static route on PFFirewall:
      192.168.202.0/24 => 192.168.201.4 Gateway

    There is also a static route on InternetRouter:
      192.168.202.0/24 => 192.168.201.4

    From the LAN behind PFFirewall, packets to 192.168.202.1 always go via the InternetRouter:

    traceroute to 192.168.202.1 (192.168.202.1), 64 hops max, 52 byte packets
    1  PFFirewall (192.168.200.1)  0.492 ms  0.198 ms  0.155 ms
    2  InternetRouter (192.168.201.1)  0.619 ms  0.747 ms  0.748 ms
    3  192.168.202.1 (192.168.202.1)  6.686 ms  0.756 ms  0.741 ms

    From the LAN behind PFFirewall, packets to OtherRouter go directly:

    traceroute to OtherRouter (192.168.201.4), 64 hops max, 52 byte packets
    1  PFFirewall (192.168.200.1)  0.416 ms  0.279 ms  0.211 ms
    2  InternetRouter (192.168.201.4)  0.598 ms  0.437 ms  0.415 ms

    So I'm missing something!

    Thanks.



  • I think it's because you are NATing the LAN on the WAN. Traffic has to go out the WAN to reach the other net. Try using advanced OB NAT and excluding the private subnets from NAT.
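
The symptom in the question can be checked mechanically. The following is an added example, not part of either post: it compares the second hop in the posted traceroute with the next hop that longest-prefix matching gives for the routing table the question describes. The connected routes are inferred from the interface addresses in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# PFFirewall's routing table as described in the question (constructed from the post).
# A gateway of None means the network is directly connected (assumed from interface IPs).
ROUTES = [
    ("0.0.0.0/0", "192.168.201.1"),         # default gateway: InternetRouter
    ("192.168.200.0/24", None),             # LAN
    ("192.168.201.0/24", None),             # WAN
    ("192.168.202.0/24", "192.168.201.4"),  # static route via OtherRouter
]

# Traceroute output copied from the question.
TRACE = """\
traceroute to 192.168.202.1 (192.168.202.1), 64 hops max, 52 byte packets
1  PFFirewall (192.168.200.1)  0.492 ms  0.198 ms  0.155 ms
2  InternetRouter (192.168.201.1)  0.619 ms  0.747 ms  0.748 ms
3  192.168.202.1 (192.168.202.1)  6.686 ms  0.756 ms  0.741 ms
"""

def next_hop(dest, routes=ROUTES):
    """Longest-prefix match; returns the gateway, or dest itself when on-link."""
    addr = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(n), gw) for n, gw in routes]
    matches = [(n, gw) for n, gw in nets if addr in n]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dest

def parse_trace(text):
    """Return (destination, hop addresses); unanswered hops ('* * *') become None."""
    lines = text.strip().splitlines()
    dest = re.search(r"\(([\d.]+)\)", lines[0]).group(1)
    hops = []
    for line in lines[1:]:
        m = re.match(r"\s*\d+\s+\S+\s+\(([\d.]+)\)", line)
        hops.append(m.group(1) if m else None)
    return dest, hops

def check(text, routes=ROUTES):
    """Compare hop 2 (where the firewall forwarded the packet) with the table."""
    dest, hops = parse_trace(text)
    expected = next_hop(dest, routes)
    observed = hops[1] if len(hops) > 1 else None  # hop 1 is the firewall itself
    return {"dest": dest, "expected": expected, "observed": observed,
            "follows_table": expected == observed}

if __name__ == "__main__":
    print(check(TRACE))
```

For the posted trace the table's next hop is 192.168.201.4 while the observed second hop is 192.168.201.1, so the static route is not what decided the forwarding of that packet.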