Routing between two internal networks

    I'm a bit at a loss. I tried to do something I usually do by using "iptables on linux", but as others will need to do administrative work on the system too, I needed a Web-UI. So I set up PFsense.
    For my simple test I got two networks:


    There's an already installed gateway in with the ip address of which allows internet access. My pfsense got two links now:

    • WAN is set to
    • LAN is set to

    I disabled NAT and Firewall so that the box should only do routing,…
    I set the default gateway on WAN to so that internet traffic is forwarded to that GW
    I set the route on LAN to dynamic,...

    My problem: I can't ping any host in from my host in except the PFsense itself. So ping to "" from "" does work, but ping to "" does not. I already used tcpdump to check the WAN and LAN interfaces; both interfaces show the ICMP requests from the host "". But they don't seem to get forwarded. What am I missing here? I'm sure it's simple... but I can't see it... :-)

    Remove the bogus dynamic GW on LAN. The GW there should be none.

  • Done that. But I already had that "configuration" before; it's still not routing…

    It's routing just fine as long as the GW on WAN knows how to reach to send packets back. IOW, you need to configure this on the other end.

  • I currently try to access (which should not go to as far as I believe?),…I had in mind that acts as router between and

    Sigh. You need to tell the WAN GW that is reachable via You are configuring the completely wrong box. You do NOT need any static routes on the box you are messing with.

  • Ok, let's leave WAN out of this for a second!

    Just imagine I got and
    PFsense got as "LAN" and as "WAN". Firewall disabled, no NAT.

    Now would want to access from… got GW for

    I cannot leave WAN out! That's what's broken. Packets go out and reply never gets back. There is NO special configuration needed for the routing-only box you are trying to set up. You configure it like normal, no manual routes, no extra gateways, nothing like that.

    For the last time before I leave this thread: - which is the "already installed gateway … which allows internet access" - must know that traffic to goes via the interface to which your routing-only pfS box with  WAN IP is attached (i.e., some LAN-like interface) – and NOT via the default GW (which would be the "already installed gateway's" WAN.)

  • Hi

    First of all: thanks for pushing me in the right direction. The route on the client side ( was on the wrong interface… my mistake!
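
The return-path problem described in the replies above, as an added example that is not part of the original thread: a small longest-prefix-match simulation of the echo request and the echo reply, with and without a route back on the existing gateway. All addresses (192.168.1.0/24 on the pfSense WAN side, 192.168.2.0/24 on its LAN side) and node names are constructed assumptions, since the thread's real addresses are not shown.

```python
import ipaddress

# Constructed lab addressing; the thread's real addresses are not shown.
GW, PFS_WAN, PFS_LAN = "192.168.1.1", "192.168.1.2", "192.168.2.1"
HOST_A, HOST_B = "192.168.1.50", "192.168.2.50"

def build_tables(gw_has_return_route):
    """Per-node routing tables as (prefix, next_hop) pairs."""
    # Routing-only pfSense box: connected networks plus a default route, nothing else.
    pfs = [("192.168.1.0/24", "direct"), ("192.168.2.0/24", "direct"), ("0.0.0.0/0", GW)]
    gw = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "upstream")]
    if gw_has_return_route:
        # Static route on the existing gateway: pfSense LAN via pfSense WAN IP.
        gw.append(("192.168.2.0/24", PFS_WAN))
    return {
        HOST_B: [("192.168.2.0/24", "direct"), ("0.0.0.0/0", PFS_LAN)],
        HOST_A: [("192.168.1.0/24", "direct"), ("0.0.0.0/0", GW)],
        PFS_LAN: pfs, PFS_WAN: pfs, GW: gw,
    }

def next_hop(table, dst):
    """Longest-prefix match, as a real forwarding lookup does."""
    addr = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(p), hop) for p, hop in table]
    return max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)[1]

def trace(tables, src, dst, max_hops=8):
    """Follow a packet hop by hop; return (path, delivered)."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "direct":
            return path + [dst], True
        if hop == "upstream":  # left towards the internet: lost for private space
            return path + ["upstream"], False
        path.append(hop)
        node = hop
    return path, False

def ping(gw_has_return_route):
    """Echo request HOST_B -> HOST_A, then echo reply HOST_A -> HOST_B."""
    tables = build_tables(gw_has_return_route)
    return trace(tables, HOST_B, HOST_A), trace(tables, HOST_A, HOST_B)

if __name__ == "__main__":
    for fixed in (False, True):
        request, reply = ping(fixed)
        print(f"return route on GW={fixed}: request={request} reply={reply}")
```

In both runs the request is delivered, which matches tcpdump showing the ICMP requests on both pfSense interfaces; only the reply path changes once the existing gateway has the route.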