Author Topic: pfSense as a second router  (Read 1557 times)

Steven.DeZalia
pfSense as a second router
« on: March 01, 2014, 10:21:58 am »
I'm looking to set this up temporarily until I move the pfSense box as the front-facing router. This is just for testing/practice so that I will know how to layer pfSense routers in the future.

pfSense is properly assigning IPs, as the XP VM received the first IP in the addressable range for the interface it is attached to. The XP VM is able to get resolution for a ping to Google.com to an IP but failed to communicate.

So my 192.168.2.x network can't communicate through my 192.168.1.x network.

I'm new to burying routers behind other routers. So be kind please, as this is new territory that I'm playing with.

This is version 2.1 x86.

If you want any additional info just ask.

phil.davis
Re: pfSense as a second router
« Reply #1 on: March 01, 2014, 10:46:45 pm »
That "should" just work out-of-the-box. I make a test system like that from factory defaults all the time. pfSense WAN can be set to DHCP, and get a 192.168.1.x address allocated by the ISP device, or you can pick an unused IP address like 102.168.1.2 as the static IP for pfSense and set the WAN gateway to 192.168.1.1.
The default LAN allow all rule will let traffic through from your XP client. pfSense WAN will NAT by default towards the ISP device, so the ISP device will have no trouble replying to it.
What else did you do in addition to factory defaults and assigning the physical devices?
Did you set a gateway on LAN? - don't do that!

wojtek
Re: pfSense as a second router
« Reply #2 on: December 14, 2017, 06:56:11 pm »
I am having a similar setup and facing the same problem. I am able to ping/ssh from 192.168.1.x, but the other way round I can only ping; any ssh/telnet connections fail.

In my setup all devices on 192.168.2.x are virtual (except for the host on 192.168.2.2).
On the physical host (192.168.2.2) there are two bridges, br1 and br2, bridging eno3 and eno4 interfaces with IPs 192.168.1.12 and 192.168.2.2.

Additionally there is bon0 interface (eno1 and eno2) with ip of 192.168.1.2

Netmask is the same on all networks 255.255.255.0

/proc/sys/net/ipv4/ip_forward set to 0

Any thoughts on what I could check/do?

johnpoz
Re: pfSense as a second router
« Reply #3 on: December 19, 2017, 03:44:04 am »
"or you can pick an unused IP address like 102.168.1.2"

Just to be clear - I am like 1000% sure phil would not be suggesting you grab a public IP address out of thin air and use it.. that should have been 192.168.1.2, I have to hope.. ;)

If you forwarded traffic into an IP behind pfSense, but you can not telnet or ssh..  Either your forward is wrong or those are not listening, or the host has a firewall blocking..  Run through the port forwarding troubleshooting guide.  Or since you're on a double NAT, you're coming from a 192.168 address into pfSense WAN, which would be blocked anyway if you have the block RFC1918 rule there, etc..

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Also you should have created your own post with your own info vs bringing back a thread from 2014..

wojtek
Re: pfSense as a second router
« Reply #4 on: December 20, 2017, 04:16:04 am »
Sorry for opening an old topic.  Basically my problem was solved by disabling hardware checksum offloading, see:
https://forum.pfsense.org/index.php?topic=87856.0