Trying to Route from WAN to LAN



  • I have a PFsense setup on my local network. Its WAN interface has an IP on my work network, with a LAN interface going to a switch on a segregated lab network. The LAN interface has several vlans assigned to it. Routing within the LAN networks works fine, but I'm trying to route traffic from the WAN network into one of the vlans called MGT1 (10.222.200.0/24) on the LAN network without using NAT. I have a laptop that's trying to connect to the management IP/port of my firewall. I added a static route on my laptop for the network I'm trying to reach, with the WAN IP address of the pfsense as the gateway. I also added the firewall rules to allow traffic from my WAN to LAN. I can't seem to get any pings through, and traceroute doesn't look right to me.

    I haven't done anything with NAT, because I don't think I need to. I may be wrong in thinking that, though. Do I need to turn NAT off for pfsense to route from WAN to LAN? I've tried with it both off and on, but no change in behavior occurs.

    Interfaces:




    Aliases:

    pfsense routing table:

    Firewall Rules:

    Logging is turned on for the above firewall rule, but nothing of value is being logged for traffic on that rule:

    This was a packet capture attempted while doing a ping from a laptop on the WAN network, also shows the IP information from that laptop:

    The routing table of that laptop, and some diagnostic info; Ping and Tracert:
    http://pastebin.com/gaKfAjA8

    Considering the tracert doesn't even attempt to hop to 172.16.7.90, I would assume it was a routing problem, but I have a route in the routing table.

    I'm pretty stumped. Any ideas?



  • @DeMiNe0:

    but I'm trying to route traffic from the WAN network into one of the vlans called MGT1(10.222.200.0/24) on the LAN network without using NAT

    So you are trying to access one of the many private IP addresses assigned for private LANs from the WAN/internet, or are you, say, mapping fixed IPs assigned to you to your devices on the MGT1 vlan?

    If the former, what does your traceroute show you?

    https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

    Maybe you could create a VPN to connect to the MGT1 vlan as a workaround if you don't have a private fixed IP to assign to the devices on MGT1?



  • No, the WAN in this case is just another private network that the laptop I'm using for testing resides on. The private IP space from the WAN is valid in this case. I'm simply trying to use PFSense as a router to route the traffic coming from my 172.16.6.0/23 network (the WAN) to my isolated MGT1 10.222.200.0/24 network. I don't want to disable natting and SPF except as a last resort.