Home Lab Network Setup - Double NAT

I’m looking for some help on how to configure my EdgeRouter and a pfSense VM so that I can use the pfSense to handle a separate lab network behind the EdgeRouter. This separate network needs to have internet access and will be running a VPN, but does not require access to the main LAN.

I’m currently running an EdgeRouter Pro as my main router/firewall connected to the internet via a fibre/ethernet media converter (ONT). I have a static external IP assigned via DHCP.
On the LAN side the ER-Pro has a single connection to an HPE layer 3 switch which is only used to manage a few VLANs and connect all other devices including the XCP-NG machine hosting the pfSense VM.

All assets above are on VLAN 1, except for the pfSense VM and the hard-wired laptop (my laptop); these are on the ‘Lab’ VLAN.

pfSense is configured to connect via DHCP and receives a WAN IP from 192.168.21.0/24 given out by the EdgeRouter. The pfSense then gives my laptop an IP from 192.168.23.0/24.

From my laptop I can access the pfSense UI, and I can also access my FreeNAS UI which is connected to the main LAN. This wasn’t really expected, but it’s ok for now.

My main problem is that I can’t connect to the internet from the Lab LAN. I receive a DNS server via DHCP which is the IP of my pfSense VM. But even when I set a static DNS server of 9.9.9.9 I still can’t access the internet.

I think I need to set either a Route, NAT or Firewall rule in my EdgeRouter to allow the Lab LAN access to the internet but I don’t know what exactly.

Everything I find online when I search double NAT is about how to avoid it and how bad it is. Nothing about making it work correctly.

In pfSense, turn off blocking under “Reserved Networks” under the WAN interface.

https://docs.netgate.com/pfsense/en/latest/firewall/preventing-rfc1918-traffic-from-exiting-a-wan-interface.html