Problem between pfSense and my router, Outlook



  • Hi, I have a problem with pfSense. First, I have 2 routers in my company. (Router 1) connects the users to the internet (ADSL); (Router 2) connects the 2 branches by (leased line).

    (Case 1): the configuration on the users' computers was (GW = pfSense LAN, DNS = IP of domain controller 'DC').

    In this case the users connect to Outlook with no problem but can't connect to the other branch...

    (Case 2): the configuration on the users' computers was (GW = IP of Router 2, DNS = IP of domain controller 'DC').

    In this case the users connect to the other branch but can't connect to Outlook...

    (Case 3): configuring a static route in pfSense:

    1- give pfSense LAN (GW = Router 2)

    2- static route (dest = network in the other branch, GW = Router 2)

    and the configuration of the users' PCs was (GW = pfSense LAN, DNS = IP of domain controller 'DC').

    In this case the users connect to the other branch but can't connect to Outlook...

    Finally, I want the users to connect to the other branch, to Outlook, and to each other on my LAN via the DC. Thanks



  • Case 3 should work better than you describe.
    a) Create the gateway to router 2, but DO NOT make it the "upstream gateway" in the LAN settings. Just leave it as a gateway not "attached" to LAN.
    b) Add the static route/s pointing to the "gateway to router 2", like you already did.
    c) Keep the users' PCs with GW = pfSense LAN IP.

    That should send all internet traffic out the ADSL WAN, and just the static route subnets go to router 2.

    Now you have an asymmetric routing problem. The returning packets from router 2 will get delivered directly to the user PCs, because they are directly on the same LAN. I would try to remove the asymmetric routing from the design:
    a) If you have another interface port on your pfSense, plug router 2 into a separate port. Give router 2 an IP address in some new subnet, different from LAN. Assign an interface for the pfSense port (e.g. it becomes OPT1). Enable OPT1 with the new subnet. Make the gateway point to the new router 2 IP address in OPT1. Make the static route/s go to that gateway.
    Now all routing out and back follows the same path through pfSense.

    or;

    b) Firewall->NAT, Outbound - switch to Hybrid NAT. Add a NAT rule to NAT out on LAN to the subnets behind router 2. That way router 2 will see the source IP of all packets coming to it as the pfSense LAN IP. So packets coming back will have the pfSense LAN IP as destination and router 2 will send them to the pfSense LAN IP. pfSense will "un-NAT" them and deliver them to the user PCs.
    This also removes asymmetric routing, but looks a little bit trickier to understand than doing it physically as per (a).
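The following is an added example, not code from the thread or from pfSense: a small routing model that reproduces the asymmetric path in the poster's case 3 (router 2 on the same LAN, static route, no NAT) and then applies the two fixes from the reply above, the separate OPT1 interface (a) and the hybrid outbound NAT rule (b). All addresses and node names are assumptions chosen for illustration; the model only does longest-prefix next-hop selection, one-way source NAT with a state table, and a hop-by-hop trace, which is enough to show whether the reply traffic ever passes through pfSense, which is what a stateful firewall needs.

```python
"""Added example (not from the thread): does the reply from the branch traverse pfSense?

Assumed topology (all addresses are made up for the illustration):
  LAN          192.168.1.0/24   pfSense LAN 192.168.1.1, router 2 192.168.1.2, PC 192.168.1.50
  OPT1 (fix a) 10.0.2.0/30      pfSense 10.0.2.1, router 2 10.0.2.2
  branch LAN   192.168.2.0/24   router 2 192.168.2.1, host 192.168.2.20 (leased line collapsed)
"""
import ipaddress

PC, PF, R2, BRANCH = "192.168.1.50", "192.168.1.1", "192.168.1.2", "192.168.2.20"


class Node:
    def __init__(self, name, addrs, routes, snat=None):
        self.name = name
        self.addrs = {ipaddress.ip_address(a) for a in addrs}
        # routes: (prefix, next_hop); next_hop None means directly connected
        self.routes = [(ipaddress.ip_network(p), n and ipaddress.ip_address(n)) for p, n in routes]
        # snat: destination prefix -> address to rewrite the source to (hybrid outbound NAT rule)
        self.snat = snat and {ipaddress.ip_network(p): ipaddress.ip_address(a) for p, a in snat.items()}
        self.nat_table = {}  # (nat_addr, dst) -> original source, so replies can be un-NATed

    def next_hop(self, dst):
        best = max((r for r in self.routes if dst in r[0]), key=lambda r: r[0].prefixlen, default=None)
        if best is None:
            raise LookupError(f"{self.name}: no route to {dst}")
        return best[1] or dst


class Network:
    def __init__(self, nodes):
        self.by_addr = {a: n for n in nodes for a in n.addrs}

    def owner(self, addr):
        return self.by_addr[addr]


def forward(net, src, dst):
    """Forward one packet; return (list of nodes traversed, src as delivered, dst as delivered)."""
    src, dst = ipaddress.ip_address(str(src)), ipaddress.ip_address(str(dst))
    node = net.owner(src)
    path = [node.name]
    for _ in range(16):  # guard against routing loops in a misconfigured model
        if dst in node.addrs:
            orig = node.nat_table.get((dst, src))
            if orig is None:
                return path, src, dst  # delivered to the final host
            dst = orig  # reply to the NAT address: un-NAT and keep forwarding
        if node.snat:
            for prefix, nat_ip in node.snat.items():
                if dst in prefix:
                    node.nat_table[(nat_ip, dst)] = src
                    src = nat_ip
        node = net.owner(node.next_hop(dst))
        path.append(node.name)
    raise RuntimeError("hop limit exceeded")


def build(design):
    lan_direct, branch_direct = ("192.168.1.0/24", None), ("192.168.2.0/24", None)
    pc = Node("pc", [PC], [lan_direct, ("0.0.0.0/0", PF)])
    host = Node("branch-host", [BRANCH], [branch_direct, ("0.0.0.0/0", "192.168.2.1")])
    if design == "router2-on-lan":  # the poster's case 3 as described: static route, no NAT
        pf = Node("pfsense", [PF], [lan_direct, ("192.168.2.0/24", R2)])
        r2 = Node("router2", [R2, "192.168.2.1"], [lan_direct, branch_direct])
    elif design == "snat":  # fix (b): hybrid outbound NAT on LAN towards the branch subnet
        pf = Node("pfsense", [PF], [lan_direct, ("192.168.2.0/24", R2)], snat={"192.168.2.0/24": PF})
        r2 = Node("router2", [R2, "192.168.2.1"], [lan_direct, branch_direct])
    elif design == "opt1":  # fix (a): router 2 moved onto its own pfSense interface
        pf = Node("pfsense", [PF, "10.0.2.1"],
                  [lan_direct, ("10.0.2.0/30", None), ("192.168.2.0/24", "10.0.2.2")])
        r2 = Node("router2", ["10.0.2.2", "192.168.2.1"],
                  [("10.0.2.0/30", None), branch_direct, ("192.168.1.0/24", "10.0.2.1")])
    else:
        raise ValueError(design)
    return Network([pc, pf, r2, host])


def round_trip(design):
    """Send PC -> branch host and the reply back; report whether pfSense sees the reply."""
    net = build(design)
    out_path, src_seen, dst_seen = forward(net, PC, BRANCH)
    back_path, _, _ = forward(net, dst_seen, src_seen)  # the branch replies to the source it saw
    return out_path, back_path, "pfsense" in back_path


if __name__ == "__main__":
    for design in ("router2-on-lan", "snat", "opt1"):
        out, back, symmetric = round_trip(design)
        print(f"{design:15} out={' > '.join(out)}  back={' > '.join(back)}  symmetric={symmetric}")
```

In the first design the reply path is branch-host > router2 > pc: router 2 hands the packet straight to the PC because both sit on 192.168.1.0/24, so pfSense only ever sees one direction of each flow. With either fix the reply path becomes branch-host > router2 > pfsense > pc. On a real box the quick check is the same idea: a packet capture on the pfSense LAN interface filtered on the branch subnet should show both directions of a connection, not just the outbound SYNs.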



  • Thanks for your reply; I will use this solution.

