<![CDATA[Two-tier Firewall setup]]>

<![CDATA[Two-tier Firewall setup]]>Hello,
my god, i found the solution on my own now. It's totaly easy :'(

My problem was, that the internal-firewall changed the source-ip-address with the result that nothing worked.
I had to change the Outbound NAT setting to Manual Outbound NAT rule generation and delete the suspect rules

Logs from the external-firewall
befor: pass Jun 20 21:02:49 TRASNFERNET 10.25.47.14:4119 208.123.73.68:80 TCP:S (Source IP is the internal Firewall: Not good)
after: pass Jun 20 22:02:49 TRASNFERNET 192.168.10.2:52926 208.123.73.68:80 TCP:S (Source IP is the CLIENT-IP: GOOD )

###Setup####

–---------------------
Internet
-----------------------
|(/29er network)
---------------------------------------
external firewall (pfsense)
--------------------------------------
| 10.25.47.15
|
|
|
|
|10.25.47.14
---------------------------------------
internal firewall (pfsense)
---------------------------------------
LAN:192.168.10.1
|
|
|
|
Testclient: 192.168.10.2

]]>https://forum.netgate.com/topic/70479/two-tier-firewall-setupRSS for NodeWed, 17 Jun 2026 22:34:17 GMTFri, 20 Jun 2014 19:24:38 GMT60