
Author Topic: 2WAN-2LAN All Wans Have Identical Setup, Lans Identical Setup, ONLY 1 LAN WORKS


Offline seanj


  I have a pfSense box set up with 2 WAN and 2 LAN interfaces.

  One node has 2 LAN connections, each coming from a different LAN interface:
     LAN1 is set up with 192.168.2.xx internal IPs
     LAN2 is set up with internal IPs

  NAT 1:1 binds public IP xx.xx.xx.165 to
  NAT 1:1 binds public IP xx.xx.xx.197 to

  Firewall rule allows ssh,http to both and

What works:
  Almost everything: WAN1, WAN2 have connections, ping and can access.
  I can ssh from the pfSense box to both and  (confirms the recipient box is up on both LANs).
  But I can only ssh to from the outside world and CANNOT CONNECT TO the second connection.

Attached are the NAT setup and Firewall Rules I have set.
EVERYTHING is good on LAN1, but when LAN1 is disabled (or without disabling it) I cannot access the node  connected to LAN2 (it's the same node that LAN1 is connecting to without issue).

I confirmed I can connect to the node from LAN1 and LAN2 from the pfSense box itself, but not from behind the firewall.

Offline Derelict

Check the firewall, etc. on the host.

I don't think it's your issue but why not two firewall rules to the SSH systems? Dest any seems lazy and unspecific to me there.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!

Offline seanj

Thank you for your reply.

As you mentioned, having "any" for the SSH port wasn't the issue. I have it at "any" to have the SSH port open for all nodes.

I almost pulled my hair out!

This is what I noticed and was the problem:

Under Firewall/NAT, pfSense automatically generated mapping rules.
All mapping rules were for internal IPs to link to the default WAN.   (192.168.2.x -> WAN1 && 192.168.3.x -> WAN1)

When I manually changed the mapping for 192.168.3.x -> WAN2, it fixed it and it works now.