Pfsense with existing router?



  • Hello everyone,

    Note: I did Google for the last few days, but still didn't find what I was looking for.

    So I have Verizon FIOS and their typical home router. My current setup is:

    Verizon router: 192.168.1.0/24 - I have a few desktops running on this network

    I installed pfSense and assigned 192.168.1.140/24 on the WAN port and 10.1.1.1/24 on the LAN (DHCP enabled). I basically ran a cable from the Verizon router to the pfSense WAN. The LAN port is connected to an 8-port gigabit switch where a few desktops are running as well. I have an internet connection and everything works properly.

    I can ping interface 10.1.1.1 (pfsense LAN) from machines directly connected to Verizon router

    I can ping the default gateway (192.168.1.1) from machines on pfsense LAN

    The issue is, I can't seem to ping or access resources between machines connected directly to the pfSense LAN and machines connected directly to the Verizon router.

    I don't know the correct term, but is there some sort of routing that needs to be added, or some allow rules on the pfSense firewall?

    Any pointers are appreciated, thank you!


  • Netgate Administrator

    Hey.

    @Teh_Bot:

    I can ping interface 10.1.1.1 (pfsense LAN) from machines directly connected to Verizon router

    That should not work in a default install.

    You should only be able to do that if you've added a firewall rule on WAN to allow it. Have you done that?

    Also, you would not normally be able to do that anyway because the 10.1.1.1 address is hidden behind the WAN-LAN NAT that exists by default. In other words, clients on the 192.168.1.X subnet do not have a route to the 10.1.1.X subnet. Have you made any NAT changes, configured some routing protocol or added the gateway manually to the clients?

    Steve



  • @stephenw10:

    Hey.

    @Teh_Bot:

    I can ping interface 10.1.1.1 (pfsense LAN) from machines directly connected to Verizon router

    That should not work in a default install.

    You should only be able to do that if you've added a firewall rule on WAN to allow it. Have you done that?

    Also, you would not normally be able to do that anyway because the 10.1.1.1 address is hidden behind the WAN-LAN NAT that exists by default. In other words, clients on the 192.168.1.X subnet do not have a route to the 10.1.1.X subnet. Have you made any NAT changes, configured some routing protocol or added the gateway manually to the clients?

    Steve

    Hi Steve,

    The only thing I did was add a WAN gateway, which is 192.168.1.1. As you mentioned, clients on the 192.168.1.X subnet do not have a route to the 10.1.1.x network, but is it possible to create some sort of route between them? If so, can you please point me in the right direction? Thanks for the reply!


  • Netgate Administrator

    This is an odd setup you have. What are you doing with the various machines on each side of the pfSense box?
    Normally to access services running on machines behind pfSense, a web server for example, you would use port forwarding. Each of the services you want to access would appear to clients on the WAN side to be running on the pfSense WAN address.

    If you actually want to be able to access machines behind pfSense directly, you need to have pfSense act purely as a router. You'd need to disable NAT, add firewall rules and then give the clients a route by manually adding routes to them.

    Steve
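
    The following is an added example, not code from the thread or from pfSense: a small forwarding-path model using the thread's addresses (client 192.168.1.50 and LAN host 10.1.1.20 are constructed), showing why a Verizon-side client cannot reach the 10.1.1.0/24 network by default and what the static route plus a WAN pass rule change. It models routing and the WAN firewall only; the outbound NAT Steve describes is a separate setting.

```python
# Added example (not from the thread): trace a packet from a Verizon-side client
# toward the pfSense LAN, hop by hop, using longest-prefix-match routing tables.
import ipaddress as ipa

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop); next_hop None = directly connected."""
    dst = ipa.ip_address(dst)
    best = None
    for prefix, nh in table:
        net = ipa.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

# Constructed topology from the thread (hop name -> routing table).
CLIENT = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]         # Verizon-side desktop
VERIZON = [("192.168.1.0/24", None), ("0.0.0.0/0", "ISP")]                 # Verizon router, no 10.1.1.0/24 route
PFSENSE = [("192.168.1.0/24", None), ("10.1.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]
HOPS = {"192.168.1.1": VERIZON, "192.168.1.140": PFSENSE}
WAN_RULES = []  # pfSense WAN pass rules as (src_net, dst_net); empty = default deny

def trace(src, dst, client_table=CLIENT, wan_rules=WAN_RULES):
    """Return (hops visited, verdict) for a packet src -> dst."""
    path, hop, table = [], "client", client_table
    for _ in range(6):  # bounded walk; the constructed topology has at most 3 hops
        path.append(hop)
        if hop == "192.168.1.140":  # pfSense WAN: inbound is blocked unless a rule matches
            s, d = ipa.ip_address(src), ipa.ip_address(dst)
            if not any(s in ipa.ip_network(a) and d in ipa.ip_network(b) for a, b in wan_rules):
                return path, "blocked by pfSense WAN firewall"
        match = lookup(table, dst)
        if match is None or match[1] == "ISP":  # private 10.x destination leaves toward the ISP and dies
            return path, "dropped: no route"
        if match[1] is None:  # destination is on a directly connected network of this hop
            return path, "delivered"
        hop, table = match[1], HOPS[match[1]]
    return path, "loop"

if __name__ == "__main__":
    routed = CLIENT + [("10.1.1.0/24", "192.168.1.140")]  # static route added on the client
    allow = [("192.168.1.0/24", "10.1.1.0/24")]           # pass rule on pfSense WAN
    print("default:            ", trace("192.168.1.50", "10.1.1.20"))
    print("route only:         ", trace("192.168.1.50", "10.1.1.20", routed))
    print("route + WAN rule:   ", trace("192.168.1.50", "10.1.1.20", routed, allow))
```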