Static route on WAN
-
I am having problems creating a static route on the WAN side of a pfSense firewall that is connected to two routers.
The pfsense firewall is called PFFirewall.
The LAN of my PFFirewall is set at 192.168.200.0/24. NAT is enabled.
The WAN of my PFFirewall (at 192.168.201.2) is connected to:
InternetRouter (192.168.201.1)
OtherRouter (192.168.201.4).
Behind the OtherRouter is a network 192.168.202.0/24

PFFirewall has two WAN Gateways defined:
192.168.201.1, Default
192.168.201.4

I have created a static route on PFFirewall
192.168.202.0/24 => 192.168.201.4 Gateway

There is a static route also on InternetRouter
192.168.202.0/24 => 192.168.201.4

From the LAN behind PFFirewall, packets to 192.168.202.1 always go via the InternetRouter
traceroute to 192.168.202.1 (192.168.202.1), 64 hops max, 52 byte packets
1 PFFirewall (192.168.200.1) 0.492 ms 0.198 ms 0.155 ms
2 InternetRouter (192.168.201.1) 0.619 ms 0.747 ms 0.748 ms
3 192.168.202.1 (192.168.202.1) 6.686 ms 0.756 ms 0.741 ms

From the LAN behind PFFirewall, packets to OtherRouter go directly
traceroute to OtherRouter (192.168.201.4), 64 hops max, 52 byte packets
1 PFFirewall (192.168.200.1) 0.416 ms 0.279 ms 0.211 ms
2 InternetRouter (192.168.201.4) 0.598 ms 0.437 ms 0.415 ms

So I'm missing something!
Thanks.
-
I think it's because you are NATing the LAN on the WAN. Traffic has to go out the WAN to reach the other net. Try using advanced OB NAT and excluding the private subnets from NAT.
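
An added example, not part of either post: a small Python check that compares the first hop after the firewall in each traceroute above with the next hop a longest-prefix match over the described routes would select. The route table is transcribed from the question; the function names are hypothetical, and the model covers only the routing table, not NAT or firewall rules.

```python
import ipaddress
import re

# Routes on PFFirewall as described in the question (None = directly connected).
ROUTES = {
    "0.0.0.0/0": "192.168.201.1",         # default gateway, InternetRouter
    "192.168.202.0/24": "192.168.201.4",  # static route via OtherRouter
    "192.168.201.0/24": None,             # WAN subnet
    "192.168.200.0/24": None,             # LAN subnet
}

# Traceroute output copied from the question.
TRACE_TO_202 = """traceroute to 192.168.202.1 (192.168.202.1), 64 hops max, 52 byte packets
1 PFFirewall (192.168.200.1) 0.492 ms 0.198 ms 0.155 ms
2 InternetRouter (192.168.201.1) 0.619 ms 0.747 ms 0.748 ms
3 192.168.202.1 (192.168.202.1) 6.686 ms 0.756 ms 0.741 ms"""
TRACE_TO_OTHER = """traceroute to OtherRouter (192.168.201.4), 64 hops max, 52 byte packets
1 PFFirewall (192.168.200.1) 0.416 ms 0.279 ms 0.211 ms
2 InternetRouter (192.168.201.4) 0.598 ms 0.437 ms 0.415 ms"""

HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d+\.\d+\.\d+\.\d+)\)")

def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: return the gateway, or dst itself if on-link."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in routes]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return routes[str(best)] or dst

def hops(trace):
    """Hop IPs in order; the 'traceroute to ...' header line does not match."""
    return [m.group(2) for line in trace.splitlines() if (m := HOP_RE.match(line))]

def check(trace, dst, firewall="192.168.200.1"):
    """Return (expected, observed, ok) for the hop right after the firewall."""
    path = hops(trace)
    observed = path[path.index(firewall) + 1]
    expected = next_hop(dst)
    return expected, observed, expected == observed

if __name__ == "__main__":
    for trace, dst in ((TRACE_TO_202, "192.168.202.1"),
                       (TRACE_TO_OTHER, "192.168.201.4")):
        expected, observed, ok = check(trace, dst)
        print(f"{dst}: expected {expected}, observed {observed}, "
              f"{'match' if ok else 'MISMATCH'}")
```

Re-running the same check on fresh traceroute output after a configuration change shows whether the hop after the firewall now follows the static route.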