I’m working on the below configuration.
My target is to be able to see the modem interface on 192.168.2.1 from a client on LAN 192.168.29.100.
Issue 1: how to route from LAN 1 to WAN 1? Is outbound needed?
Issue 2: how to set up a route to network 192.168.2.X on the client PC, while having a 192.168.29.X IP assigned?
Any comments appreciated.
That will work by default on pfSense as long as you have “Reserved Networks” (Firewall — Rule Methodology | pfSense Documentation) unchecked under the WAN interfaces.
Hello Mr. Tom and thanks again for all the content you provide.
If you are referring to these WAN options below: it didn’t do the trick, so instead I tried to use outbound hybrid rules and added the network 192.168.2.0/24. This was it. I’m not 100% sure why it worked like this, but I will re-test it on a fresh installation again. (Assumption: it might be like that because this WAN is NOT the default gateway and also is not a LAN that pfSense manages so it can route).
You may need to restart the firewall after making that change so that the routing tables pick up the modem’s IP and know how to route to it. But, in fairness, I have my firewall connected to an OEM cable modem, so that it picks up my external IP directly, still have “Block private networks…” turned on, and can still get to my modem’s interface at 192.168.xxx.xxx, so some kind of ARP notice is coming across on the WAN connection telling the firewall where that traffic goes.
@jvedman Thanks for your comment. I tested it from LAN and it’s working without outbound.
Do you think this changes when I’m accessing this network over a site-to-site? For example, network 29 (client) has a site-to-site OpenVPN with network 14 (server). I’m connected to 14.
Yes, unfortunately I don’t think this will work across a VPN connection in a default configuration since there are no formal rules to tell the remote side what to do with the traffic. But it should work if you push a route to the modem’s local address (something like push "route 192.168.2.1 255.255.255.252"). I’ve never tried it, but as long as the modem’s IP isn’t on a subnet that the remote site thinks it can route by itself it should work.
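An added example, not part of the thread and not pfSense or OpenVPN code: a small Python check of the condition in the last reply, that the modem's route must not fall inside a subnet the remote site already routes itself. It also reports which network a given address and netmask pair actually selects. The remote network list is a constructed assumption (192.168.14.0/24 for "network 14", 10.0.8.0/24 as a hypothetical tunnel network).

```python
import ipaddress

# Constructed sample: networks the remote (server) site already routes itself.
# 192.168.14.0/24 stands in for the thread's "network 14"; 10.0.8.0/24 is a
# hypothetical tunnel network.
REMOTE_SITE_NETWORKS = ["192.168.14.0/24", "10.0.8.0/24"]


def check_route(address, netmask, remote_networks=REMOTE_SITE_NETWORKS):
    """Inspect a route written as address + netmask.

    Returns the network the mask actually selects, whether the address is
    that network's base address (no host bits set), and which of the remote
    site's own networks overlap it.
    """
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    target = iface.network
    conflicts = [
        str(net)
        for net in map(ipaddress.ip_network, remote_networks)
        if net.overlaps(target)
    ]
    return {
        "network": str(target),
        "aligned": iface.ip == target.network_address,
        "conflicts": conflicts,
    }


if __name__ == "__main__":
    candidates = [
        ("192.168.2.1", "255.255.255.252"),  # form quoted in the thread
        ("192.168.2.1", "255.255.255.255"),  # host route to the modem only
        ("192.168.2.0", "255.255.255.0"),    # the whole modem subnet
    ]
    for addr, mask in candidates:
        print(addr, mask, check_route(addr, mask))
```

An empty `conflicts` list means none of the listed remote networks contains the target; `aligned` is false when the address has host bits set under the given mask.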