Static route on WAN
I am having problems creating a static route on the WAN side of a pfSense firewall that is connected to two routers.
The pfsense firewall is called PFFirewall.
The LAN of my PFFirewall is set at 192.168.200.0/24. NAT is enabled.
The WAN of my PFFirewall (at 192.168.201.2) is connected to:
Behind the Other Router is a network 192.168.202.0/24
PFFirewall has two WAN Gateways defined:
I have created a static route on PFFirewall
192.168.202.0/24 => 192.168.201.4 Gateway
There is a static route also on Internet Router
192.168.202.0/24 => 192.168.201.4
From the LAN behind PFFirewall, packets to 192.168.202.1 always go via the InternetRouter
traceroute to 192.168.202.1 (192.168.202.1), 64 hops max, 52 byte packets
1 PFFirewall (192.168.200.1) 0.492 ms 0.198 ms 0.155 ms
2 InternetRouter (192.168.201.1) 0.619 ms 0.747 ms 0.748 ms
3 192.168.202.1 (192.168.202.1) 6.686 ms 0.756 ms 0.741 ms
From the LAN behind PFFirewall, packets to OtherRouter go directly:
traceroute to OtherRouter (192.168.201.4), 64 hops max, 52 byte packets
1 PFFirewall (192.168.200.1) 0.416 ms 0.279 ms 0.211 ms
2 InternetRouter (192.168.201.4) 0.598 ms 0.437 ms 0.415 ms
So I'm missing something!
dotdash last edited by
I think it's because you are NATing the LAN on the WAN. Traffic has to go out the WAN to reach the other net. Try using advanced OB NAT and excluding the private subnets from NAT.