Connecting Two Subnets with pfSense and AT&T Router in IP Passthrough Mode

Hey everyone, I’m hoping someone can help me with an issue I’ve been trying to solve. I’ve set up two subnets on my network, but I’m having trouble getting them to communicate properly. Specifically, I have an AT&T router and a pfSense router working together, but traffic isn’t flowing between the subnets like I need it to.

The AT&T router is set to IP Passthrough mode, so it hands off a public IP to the pfSense router. The pfSense router’s WAN interface gets this public IP (99.x.x.x) via DHCP, and its LAN is configured with the 192.168.2.0/24 subnet. Meanwhile, devices connected to the AT&T router are on the 192.168.1.0/24 subnet.

The issue I’m facing is that devices on the pfSense LAN (192.168.2.x) can access devices on the AT&T subnet (192.168.1.x) just fine. However, devices on the AT&T subnet cannot reach any devices on the pfSense LAN, and I’m not sure how to fix it.

I’ve tried several things so far. I set up firewall rules on both the LAN and WAN interfaces of pfSense to allow traffic between the two subnets, but that didn’t seem to help. I also tried adding a static route on pfSense, but the only gateway it lists is the public IP gateway (99.x.x.1) instead of the AT&T router’s local gateway (192.168.1.1), which makes me think I might be missing something.

The best way to set this up would be to put all the devices behind the pfSense.

Hey Tom!!! You’re my first reply on this forum & I will cherish this moment.

I need the AT&T subnet to communicate with pfSense because the device I’m using is a PiKVM V4 & if my server gets knocked offline, I can troubleshoot from the AT&T subnet… if I’m not home.

Go to the WAN interface and go down to the bottom under “Reserved Networks” and make sure both those boxes are unchecked.

Hi Tom, they were already unchecked on both WAN and LAN.

If I understand your description correctly, this sounds like a routing problem on the AT&T side. Coming from your pfSense side things work because anything not on 192.168.2.0/24 goes to pfSense’s default route, which goes to the WAN port, which is connected to the AT&T router. In other words, that traffic goes somewhere that knows how to get to 192.168.1.0.

But on the AT&T side, how does 192.168.1.0 know where 192.168.2.0 is?

I’m making some assumptions about your topology, so sorry if I’m missing something, but set up a static route for 192.168.2.0/24 pointing to pfSense’s WAN address on your AT&T router and that should help things along.
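An added example, not posted by anyone in this thread: a small Python model of the three routing tables involved (a PiKVM on the AT&T LAN, the AT&T gateway, pfSense) with longest-prefix matching and a pfSense-style default-deny WAN ruleset. Every address is a constructed placeholder (99.0.0.0/24 stands in for the public 99.x.x.x range; the device names and the "ISP" next hop 99.0.0.254 are hypothetical), NAT is ignored, and IP Passthrough is simplified to a directly connected link between the AT&T gateway and the pfSense WAN. It walks through why the pfSense-to-AT&T direction works with no extra configuration, why a packet from 192.168.1.x leaves via the AT&T default route when no static route for 192.168.2.0/24 exists, and why, once that route is added, the packet is still dropped unless the pfSense WAN has a pass rule for it and "Block private networks" is unchecked.

```python
# Added example (not from the thread): longest-prefix-match route tracing for
# the two-subnet topology discussed above. All addresses are placeholders and
# the IP Passthrough mechanics are simplified to a directly connected link
# between the AT&T gateway (99.0.0.1) and the pfSense WAN (99.0.0.2).
import ipaddress
from dataclasses import dataclass, field

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


@dataclass
class Device:
    name: str
    interfaces: dict                              # address -> connected CIDR
    routes: list = field(default_factory=list)    # (CIDR, next-hop address)
    default_gw: str = None
    # pfSense-style WAN policy: a packet entering on wan_if must match a
    # (src CIDR, dst CIDR) pass rule; the default WAN ruleset passes nothing.
    wan_if: str = None
    wan_pass: list = field(default_factory=list)
    block_private_on_wan: bool = False            # the "Reserved Networks" box


def next_hop(dev, dst):
    """Connected network > most specific static route > default route."""
    dst = Addr(dst)
    for ifaddr, cidr in dev.interfaces.items():
        if dst in Net(cidr):
            return "connected", ifaddr
    best = None
    for cidr, nh in dev.routes:
        net = Net(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    if best:
        return "static", best[1]
    if dev.default_gw:
        return "default", dev.default_gw
    return "unreachable", None


def wan_permits(dev, in_if, src, dst):
    """Apply the WAN ruleset only to packets that arrived on the WAN."""
    if dev.wan_if is None or in_if != dev.wan_if:
        return True
    if dev.block_private_on_wan and Addr(src).is_private:
        return False
    return any(Addr(src) in Net(s) and Addr(dst) in Net(d) for s, d in dev.wan_pass)


def trace(devices, src_host, src, dst, max_hops=8):
    """Follow src->dst hop by hop; return (path, verdict)."""
    by_addr = {a: d for d in devices for a in d.interfaces}
    path, dev, in_if = [src_host.name], src_host, None
    for _ in range(max_hops):
        if not wan_permits(dev, in_if, src, dst):
            return path, f"blocked by {dev.name} WAN rules"
        kind, nh = next_hop(dev, dst)
        if kind == "connected":
            return path + [dst], "delivered"
        if kind == "unreachable" or nh not in by_addr:
            return path, f"{dev.name} sends it via {kind} route toward {nh}: no path to {dst}"
        dev, in_if = by_addr[nh], nh
        path.append(f"{dev.name}({nh})")
    return path, "hop limit exceeded"


def build(att_static_route=False, pf_wan_rule=False, block_private=False):
    """Constructed topology mirroring the thread; knobs are the fixes discussed."""
    pikvm = Device("PiKVM", {"192.168.1.50": "192.168.1.0/24"}, default_gw="192.168.1.1")
    lan_host = Device("LAN host", {"192.168.2.20": "192.168.2.0/24"}, default_gw="192.168.2.1")
    att = Device("AT&T gateway",
                 {"192.168.1.1": "192.168.1.0/24", "99.0.0.1": "99.0.0.0/24"},
                 routes=[("192.168.2.0/24", "99.0.0.2")] if att_static_route else [],
                 default_gw="99.0.0.254")       # hypothetical ISP next hop
    pf = Device("pfSense",
                {"99.0.0.2": "99.0.0.0/24", "192.168.2.1": "192.168.2.0/24"},
                default_gw="99.0.0.1", wan_if="99.0.0.2",
                wan_pass=[("192.168.1.0/24", "192.168.2.0/24")] if pf_wan_rule else [],
                block_private_on_wan=block_private)
    return pikvm, lan_host, att, pf


def scenario(att_static_route, pf_wan_rule, block_private=False):
    """AT&T LAN -> pfSense LAN, the direction that fails in the thread."""
    pikvm, lan_host, att, pf = build(att_static_route, pf_wan_rule, block_private)
    return trace([pikvm, lan_host, att, pf], pikvm, "192.168.1.50", "192.168.2.20")


def reverse_direction():
    """pfSense LAN -> AT&T LAN, which works with no extra configuration."""
    pikvm, lan_host, att, pf = build()
    return trace([pikvm, lan_host, att, pf], lan_host, "192.168.2.20", "192.168.1.50")


if __name__ == "__main__":
    for knobs in [(False, False, False), (True, False, False),
                  (True, True, True), (True, True, False)]:
        path, verdict = scenario(*knobs)
        print(f"static_route={knobs[0]} wan_rule={knobs[1]} block_private={knobs[2]}")
        print("   ", " -> ".join(path), "|", verdict)
    path, verdict = reverse_direction()
    print("pfSense LAN -> AT&T LAN:", " -> ".join(path), "|", verdict)
```

Running it prints the four AT&T-to-pfSense cases in turn: no route (the gateway forwards the packet toward its default next hop and it never comes back), route but no WAN rule (dropped at pfSense), route plus rule but "Block private networks" still checked (dropped at pfSense), and finally delivered; the last line shows the reverse direction succeeding with no changes at all. If the AT&T gateway exposes no static-route setting, the same 192.168.2.0/24 route can instead be placed on the individual 192.168.1.x hosts that need it, since they sit on the same segment as the pfSense WAN address; that assumes the topology the previous reply assumed.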