Netgate Discussion Forum

    Routing issue

    General pfSense Questions
      respectotron

      Hello,

      I am in the process of replacing a legacy Cisco router on my network with a pfSense router. I have never used pfSense before, but I already greatly prefer it to Cisco's offerings. That said, I am having some routing trouble and would greatly appreciate any help.

      My network around this pfSense router is as follows:

      • WAN X.X.X.243/29 (default gateway X.X.X.246 connects to the internet)
      • LAN 192.168.1.1/24 is connected to a switch and is set aside for hosts that need a wired connection and a static IP
      • OPT1 10.0.0.1/30 is connected to a Cisco router/WAP (I'll get a pfSense replacement asap) that has an interface 10.0.0.2. The Cisco router has the WAP inside a NAT, and the WAP uses 192.168.2.1/24 and assigns IPs with DHCP.

      I'm allowing everything through the firewall. I will add rules once everything else is working.

      Everything is working on the LAN – they can talk to each other, the internet, and can ping the Cisco router on 10.0.0.2.

      The problem occurs with all my hosts using wifi. They can get a 192.168.2.0/24 address just fine, and can ping both interfaces on the Cisco router. However, I get ping timeouts for 10.0.0.1 and anything beyond that. Additionally, I get ping timeouts if pfSense or anything on LAN tries to ping 192.168.2.1, let alone anything within the WAP subnet. Other traffic besides pings also does not work in these situations. Oddly enough, the Cisco router can ping anything on the WAP, the pfSense router, the LAN, and the internet.

      How can I reconfigure pfSense to route hosts on the WAP subnet correctly? I know it's an issue with my pfSense configuration, because everything works if I plug everything back into the legacy Cisco router (I have that router's configuration, if that would help.)

      I apologize if this is the wrong sub to be posting this question. Like I said, I'm new to pfSense.

        doktornotor Banned

        Either get rid of the NAT on the WAP (strongly preferred), or add static routes to 192.168.2.0/24 via the WAP IP (10.0.0.2).

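The route selection behind the static-route suggestion above, as an added example that is not part of the original posts: a longest-prefix-match lookup over the pfSense interfaces described in the thread, before and after adding 192.168.2.0/24 via 10.0.0.2. The WAN prefix is masked in the thread, so 203.0.113.240/29 is a constructed stand-in, and the names `lookup`, `compare`, `BASE_ROUTES` and `WAP_STATIC` are hypothetical; the sketch models only pfSense's forwarding decision, not the NAT on the Cisco device.

```python
import ipaddress

# Constructed addressing: the thread masks the WAN prefix as X.X.X, so the
# documentation range 203.0.113.0/24 stands in for it here (assumption).
WAN_NET, WAN_GW = "203.0.113.240/29", "203.0.113.246"

# Routes pfSense derives from its interface settings alone: (prefix, gateway, interface).
BASE_ROUTES = [
    ("0.0.0.0/0", WAN_GW, "WAN"),      # default route to the internet
    (WAN_NET, None, "WAN"),            # directly connected
    ("192.168.1.0/24", None, "LAN"),   # directly connected
    ("10.0.0.0/30", None, "OPT1"),     # directly connected link to the Cisco router/WAP
]

# The static route suggested in the thread.
WAP_STATIC = ("192.168.2.0/24", "10.0.0.2", "OPT1")


def lookup(routes, dst):
    """Longest-prefix match: return (interface, next_hop) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return ifc, gw or "on-link"


def compare(dst):
    """Return the forwarding decision before and after adding the static route."""
    return lookup(BASE_ROUTES, dst), lookup(BASE_ROUTES + [WAP_STATIC], dst)


if __name__ == "__main__":
    for dst in ("192.168.1.20", "10.0.0.2", "192.168.2.1", "192.168.2.50"):
        before, after = compare(dst)
        print(f"{dst:<14} before={before}  after={after}")
```

Without the static route, anything addressed to 192.168.2.0/24 matches only the default route and leaves via the WAN gateway instead of OPT1.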
          respectotron

          That works, thanks!

          I did the static route, because I am not in a position to change the WAP config at this time. Why would disabling the NAT be preferable? If the advantages are worthwhile, I would be open to changing my network when I get the chance.

            doktornotor Banned

            Well, multi-NAT is never desirable, breaks things plus pain to maintain. Imagine you want to open something on a computer behind the WAP. Need to do the same thing in two places at least.

              respectotron

              Ok, I could see how that could become a huge pain. Thanks!

                heper

                Also imagine someone is using the wifi network for some evil torrenting; oO
                On your pfSense machine your traffic graph will show the WAP_ip instead of the offenders_ip as the source/destination of lots of traffic (since you NAT everything on the WAP).
