Netgate Discussion Forum

    Problem between pfSense and my router, Outlook

      kerberos01

      Hi, I have a problem with pfSense. First, I have 2 routers in my company. (Router 1) connects the users to the internet (ADSL), and (Router 2) connects between 2 branches by (leased line).

      (Case 1): The configuration on the users' computers was (GW = pfSense LAN, DNS = IP of domain controller 'DC').

      In this case the users connect to Outlook with no problem but can't connect to another branch…

      (Case 2): The configuration on the users' computers was (GW = IP of router 2, DNS = IP of domain controller 'DC').

      In this case the users connect to another branch but can't connect to Outlook...

      (Case 3): Static route configuration in pfSense

      1- Give pfSense LAN (GW = router 2)

      2- Static route (dest = network in another branch, GW = router 2)

      and the configuration of the users' PCs was (GW = pfSense LAN, DNS = IP of domain controller 'DC').

      In this case the users connect to another branch but can't connect to Outlook...

      Finally, I want users to connect to another branch, to Outlook, and to connect together on my LAN by DC. Thanks

        phil.davis

        Case 3 should work better than you describe.
        a) Create the gateway to router 2, but DO NOT make it "upstream gateway" in LAN settings. Just leave it as a gateway not "attached" to LAN.
        b) Add the static route/s pointing to "gateway to router 2", like you already did.
        c) Keep users PCs with GW pfSense LAN IP.

        That should send all internet traffic out ADSL WAN, and just the static route subnets go to router 2.

        Now you have an asymmetric routing problem. The returning packets from router 2 will get delivered directly to user PCs, because they are directly on the same LAN. I try to remove the asymmetric routing from the design:
        a) If you have another interface port on your pfSense, plug router 2 into a separate port. Give router 2 an IP address in some new subnet, different to LAN. Assign an interface for the pfSense port (e.g. it becomes OPT1). Enable OPT1 with a new subnet. Make the gateway to the new router 2 IP address in OPT1. Make the static route/s go to that gateway.
        Now all routing out and back follows the same path through pfSense.

        or;

        b) Firewall->NAT, Outbound - switch to Hybrid NAT. Add a NAT rule to NAT out on LAN to the subnets behind router 2. That way router 2 will see the source IP of all packets coming to it as the pfSense LAN IP. So packets coming back will have pfSense LAN IP destination and router 2 will send them to pfSense LAN IP. pfSense will "unNAT" them and deliver them to the user PCs.
        This also removes asymmetric routing, but looks a little bit trickier to understand than doing it physically as per (a).

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

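
Added example, not part of the original posts: a small Python model of the topology discussed in the reply above. It traces the forward and return path between a user PC and a branch host for the original design, option (a) and option (b), showing when pfSense sees both directions of a flow. All addresses, router 2 being directly attached to the branch subnet, and router 2's route back to the LAN in option (a) are assumptions.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed addresses (assumptions): LAN 192.168.1.0/24, branch 10.20.0.0/24,
# OPT1 172.16.0.0/30. The ADSL WAN is left out; only branch traffic is traced.
PC, BRANCH_HOST, PFSENSE_LAN = "192.168.1.50", "10.20.0.10", "192.168.1.1"

def node(ifs, routes=()):
    return {"ifs": [ip_interface(i) for i in ifs],
            "routes": [(ip_network(n), ip_address(g)) for n, g in routes]}

def topology(opt1=False):
    """Router 2 on the LAN (original design) or on its own OPT1 subnet (option a)."""
    r2 = "172.16.0.2" if opt1 else "192.168.1.254"
    pf_ifs = ["192.168.1.1/24"] + (["172.16.0.1/30"] if opt1 else [])
    # Assumption: on OPT1, router 2 has a route back to the LAN via pfSense.
    r2_routes = [("192.168.1.0/24", "172.16.0.1")] if opt1 else []
    return {"pc": node([PC + "/24"], [("0.0.0.0/0", PFSENSE_LAN)]),
            "pfsense": node(pf_ifs, [("10.20.0.0/24", r2)]),
            "router2": node([r2 + ("/30" if opt1 else "/24"), "10.20.0.1/24"], r2_routes),
            "branch": node([BRANCH_HOST + "/24"], [("0.0.0.0/0", "10.20.0.1")])}

def owner(nodes, ip):  # name of the node that holds this address
    return next(n for n, d in nodes.items() if any(i.ip == ip for i in d["ifs"]))

def next_hop(n, dst):
    """On-link destinations are delivered directly; otherwise longest prefix wins."""
    if any(dst in i.network for i in n["ifs"]):
        return dst
    return max((net.prefixlen, gw) for net, gw in n["routes"] if dst in net)[1]

def path(nodes, src, dst):
    """Node names a packet visits from node `src` to address `dst`."""
    dst, hops = ip_address(dst), [src]
    while hops[-1] != owner(nodes, dst):
        hops.append(owner(nodes, next_hop(nodes[hops[-1]], dst)))
    return hops

def round_trip(nodes, nat_ip=None):
    """Forward and return paths PC <-> branch host; nat_ip models option (b)."""
    out = path(nodes, "pc", BRANCH_HOST)
    if nat_ip:  # reply goes to pfSense's LAN IP, which un-NATs and delivers to the PC
        return out, path(nodes, "branch", nat_ip) + path(nodes, "pfsense", PC)[1:]
    return out, path(nodes, "branch", PC)

if __name__ == "__main__":
    for label, nodes, nat in [("router 2 on LAN", topology(), None),
                              ("option (a)", topology(True), None), ("option (b)", topology(), PFSENSE_LAN)]:
        out, back = round_trip(nodes, nat)
        print(f"{label}: out={out} back={back} symmetric={back == out[::-1]}")
```

In the original design the return path skips pfSense, so the firewall only sees one direction of each branch connection; both options put pfSense back on the return path.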
          kerberos01

          Thanks for your reply, and I will use this solution.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.