Static route on WAN

  • I am having problems creating a static route on the WAN side of a pfsense firewall that is connected to two routers.

    The pfsense firewall is called PFFirewall.

    The LAN of my PFFirewall is set at  NAT is enabled.

    The WAN of my PFFirewall (at is connected to:
        InternetRouter (
        OtherRouter (
    Behind the Other Router is a network

    PFFirewall has two WAN Gateways defined:, Default

    I have created a static route on PFFirewall => Gateway

    There is a static route also on Internet Router =>

    From the LAN behind PFFirewall, packets to always go via the InternetRouter

    traceroute to (, 64 hops max, 52 byte packets
    1  PFFirewall (  0.492 ms  0.198 ms  0.155 ms
    2  InternetRouter (  0.619 ms  0.747 ms  0.748 ms
    3 (  6.686 ms  0.756 ms  0.741 ms

    From the LAN behind PFFirewall to OtherRouter go directly

    traceroute to OtherRouter (, 64 hops max, 52 byte packets
    1  PFFirewall (  0.416 ms  0.279 ms  0.211 ms
    2  InternetRouter (  0.598 ms  0.437 ms  0.415 ms

    So I'm missing something!


  • I think it's because you are natting the LAN on the WAN. Traffic has to go out the WAN to reach the other net. Try using advanced OB nat and excluding the private subnets from NAT.

Log in to reply