pfSense not routing traffic

Hello, for some reason I can't pass traffic between my LAN and WAN interfaces in either direction, no matter what I try. I have pfSense 1.0.1 embedded on a Soekris net4501. My config is attached. I have a computer with an IP of attached to my LAN interface of My WAN interface is a wireless card with an IP of associated with a WEP protected network. My default gateway is another wireless router with an internal IP of and a public external IP. I have placed a route in the default gateway router to route all 192.168.1.x traffic to I have disabled "Block private networks" on my WAN interface, permitted all IP traffic from LAN to WAN as well as WAN to LAN, enabled "Advanced outbound NAT", and deleted all NAT rules.

From the pfSense web interface I can ping the computer on my LAN interface and the default gateway on my WAN interface. From the computer on my LAN interface I can ping as far as my WAN interface at, but I can't ping the default gateway at From the default gateway I can ping as far as my LAN interface at, but I can't ping the computer at I've been beating on this for the last day but haven't figured out what the problem is. Does anyone have any suggestions?


  <?xml version="1.0" ?>
- <pfsense>
  <lastchange />
- <system>
  <time-update-interval />
- <webgui>
  <port />
  <certificate />
  <private-key />
  <dnsallowoverride />
- <ssh>
  <port />
  <maximumstates />
- <interfaces>
- <lan>
  <media />
  <mediaopt />
- <wan>
  <mtu />
  <media />
  <mediaopt />
  <spoofmac />
- <wireless>
  <authmode />
  <distance />
- <wpa>
  <macaddr_acl />
  <wpa_pairwise>CCMP TKIP</wpa_pairwise>
  <passphrase />
  <ext_wpa_sw />
- <wep>
  <enable />
- <key>
  <disableftpproxy />
  <staticroutes />
  <pppoe />
  <pptp />
  <bigpond />
- <dyndns>
  <username />
  <password />
  <host />
  <mx />
- <dhcpd>
- <lan>
  <enable />
- <range>
- <pptpd>
  <mode />
  <redir />
  <localip />
  <remoteip />
  <ovpn />
- <dnsmasq>
  <enable />
- <snmpd>
  <syslocation />
  <syscontact />
- <diag>
  <ipv6nat />
  <bridge />
  <syslog />
- <nat>
  <ipsecpassthru />
- <advancedoutbound>
  <enable />
- <filter>
- <rule>
  <descr>Default LAN -> any</descr>
- <source>
- <destination>
  <any />
- <rule>
  <max-src-nodes />
  <max-src-states />
  <statetimeout />
  <statetype>keep state</statetype>
  <os />
- <source>
  <any />
- <destination>
  <any />
  <descr />
- <ipsec>
  <preferredoldsa />
  <aliases />
  <proxyarp />
  <wol />
  <installedpackages />
- <revision>
  <description>/firewall_rules_edit.php made unknown change</description>
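
The setup described in the first post (a pass rule from any to any on WAN, plus "Advanced outbound NAT" enabled with every NAT rule deleted) leaves the LAN reachable from the WAN-side network with no address translation. The following is an added example, not part of the original post or of pfSense itself: a small audit that flags both conditions in a config.xml. The sample config is constructed, and the `<type>` and `<interface>` element names are assumptions, since they are not visible in the dump above.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape the post describes: pass-all rules on LAN
# and WAN, advanced outbound NAT enabled with no NAT rules. <type> and
# <interface> are assumed element names, not visible in the posted dump.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <nat><advancedoutbound><enable/></advancedoutbound></nat>
  <filter>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <descr>Default LAN -> any</descr>
      <source><network>lan</network></source>
      <destination><any/></destination>
    </rule>
    <rule>
      <type>pass</type>
      <interface>wan</interface>
      <statetype>keep state</statetype>
      <source><any/></source>
      <destination><any/></destination>
    </rule>
  </filter>
</pfsense>"""


def audit(config_xml):
    """Return findings for the two settings discussed in the thread."""
    root = ET.fromstring(config_xml)
    findings = []
    for idx, rule in enumerate(root.findall("./filter/rule")):
        if rule.findtext("type", "").strip() != "pass":
            continue
        iface = rule.findtext("interface", "").strip()
        any_src = rule.find("source/any") is not None
        any_dst = rule.find("destination/any") is not None
        if iface == "wan" and any_src and any_dst:
            findings.append(f"rule {idx}: WAN passes any -> any")
    # Manual outbound NAT switched on with no rules means nothing is translated.
    adv = root.find("./nat/advancedoutbound")
    if adv is not None and adv.find("enable") is not None and not adv.findall("rule"):
        findings.append("outbound NAT off: LAN addresses are routed unchanged")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
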

Tracerouting from both directions might help to find out where it goes wrong. Also make sure all your clients behind LAN use the pfSense LAN IP as gateway.

Here's a traceroute from the computer on the LAN interface to the pfSense router's default gateway:

traceroute to (, 30 hops max, 40 byte packets
 1  none (  1.312 ms  1.307 ms  1.223 ms
 2  none (  1.548 ms !H  1.831 ms !H  1.634 ms !H

Here's a telnet from that same system to the web interface of the default gateway. This is another reason why I think it's a routing issue in the pfSense box:

root@laptop:~# telnet 80
telnet: Unable to connect to remote host: No route to host

Here are the relevant states from the pfSense box for that connection attempt:

tcp ->     SYN_SENT:CLOSED

Here are the routes from the pfSense box:

default    UGS    0    98    1500    wi0
UH    0    0    16384    lo0
192.168.0    link#1    UC    0    0    1500    wi0
00:0f:66:47:66:2b    UHLW    2    32    1500    wi0    1170
192.168.1    link#2    UC    0    0    1500    sis0
00:00:86:46:66:c4    UHLW    1    2982    1500    sis0    984

Here's a traceroute from a system on the WAN interface to the computer on the LAN interface:
bob:~ bob$ traceroute -n
traceroute to (, 64 hops max, 40 byte packets
 1  6.358 ms  7.898 ms  7.317 ms
 2  * * *
 3  * * *^C

It's almost as if pfSense is ignoring the routes for the directly attached networks. It will route packets from one side to the other, but only to its interface, not any other hosts.

Check Interfaces -> WAN and ensure that the "Block private networks" option is disabled.

Yup, I mentioned that I checked that earlier. Thanks though.

