In the main router, I set up a static route:
destination: 192.168.2.0/24 //LAN_2
gateway: 192.168.1.3 //pfsense box
In the pfsense box, the only firewall rule I changed is on the WAN: enable all connections. I simply did that only for my initial setup, just to at least get everything working in the first place.
Ping results:
From LAN_1, my laptop ip 192.168.1.9
192.168.1.9 ping to 192.168.1.3 successful //LAN_1 can ping to pfsense box WAN IP
192.168.1.9 ping to 192.168.2.1 successful //LAN_1 can ping to pfsense box LAN IP
192.168.1.9 ping to 192.168.2.2 unsuccessful //LAN_1 CANNOT ping to devices INSIDE LAN_2 pfsense
From LAN_2, my pc ip 192.168.2.2
192.168.2.2 ping to 192.168.1.9 successful //LAN_2 can ping to my laptop
192.168.2.2 ping to 192.168.1.1 successful //LAN_2 can ping to main router
My reason for not having the pfsense as the main router is that my internet connection is a DSL line. I need to connect through a router modem.
So far I have tried everything I possibly can. Seems like I’m not smart enough with this stuff. Please help, I’m clueless now.
You can put the router in bridged mode - have pfsense dial out and manage your internet.
Have all devices connect to the internet through your pfsense box via switch/wireless ap.
If you do have a reason:
Expose what you want shared by doing some port forwarding.
I want to split in 2 because I intend to manage my virtual machines through my pc, which I figure is best set on a different subnet, i.e. 192.168.2.x/24, thus separating the environment from my home devices.
Configuring pfsense as my sole router is my plan B, as it needs some wiring to be done and I do have to buy a new router/switch to set everything up.
Plan A:
router(dsl internet) --> {LAN_1, pfsense box{LAN_2}}
Plan B:
router(dsl internet) --> pfsense box --> new router
But I do want to figure out how to connect the different subnets 192.168.1.x/24 and 192.168.2.x/24 together, as it can be useful to learn.
About the port forwarding, for example, if I want to RDP from 192.168.2.2 to 192.168.1.x/24, how may I set it up on pfsense? I did port forwarding earlier, set it up to any protocol, but it didn’t seem to work.
For port forwarding, forward the port on the main router to the pfsense box and then again in pfsense to the correct IP in LAN_2. Create appropriate firewall rules where necessary.
Thanks for reminding me to try pinging my pc from pfsense. It worked, and that kinda triggered the thought that there must be something I was missing.
I looked back into port forwarding and watched Lawrence's YouTube channel; a tip from him is to try the port test on pfsense.
So I did a port test on all ports of my pc (that is in a different subnet), and it failed. Then I tried testing only one port, 443, and finally some good news: it succeeded in connecting on port 443.
That reminded me that I read somewhere that ping on Windows can't pass through to a different subnet due to Windows firewall. Just then I realized that it's not only the pfsense firewall rules that need to be configured, but Windows firewall as well. So I tried opening port 445 for samba and can finally access smb shares on devices in 192.168.1.x/24. Though this is a test network setup, I need to edit the pfsense firewall for security measures.
Thanks all for the replies. If someone out there has more suggestions on how to make pfsense firewall port forwarding more secure, please do share!
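The ping asymmetry reported above and the host-firewall fix, as an added example that is not part of any post in this thread: it models the remote-address scope check of a host firewall rule and shows a scope limited to LAN_1 instead of "Any". It assumes pfSense automatic outbound NAT is on and that the hosts' echo rules are scoped to the local subnet; function names and rule sets are constructed for illustration.

```python
import ipaddress

# Addresses taken from the thread; the rule scopes used with them are constructed.
LAN_1 = ipaddress.ip_network("192.168.1.0/24")
LAN_2 = ipaddress.ip_network("192.168.2.0/24")
PFSENSE_WAN = ipaddress.ip_address("192.168.1.3")


def seen_source(src, dst):
    """Source address on the packet when it arrives at dst.

    Assumption: pfSense automatic outbound NAT is enabled, so LAN_2 traffic
    leaving via WAN is rewritten to the WAN address. LAN_1 -> LAN_2 traffic
    follows the static route and keeps its original source address.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN_2 and dst not in LAN_2:
        return PFSENSE_WAN
    return src


def scope_matches(scope, local_net, addr):
    """Match one remote-address scope of a host firewall allow rule."""
    if scope == "Any":
        return True
    if scope == "LocalSubnet":
        return addr in local_net
    return addr in ipaddress.ip_network(scope)


def host_accepts(src, dst, scopes):
    """Would the host firewall on dst accept a packet sent by src?

    scopes: remote-address scopes of the allow rule on dst, for example
    ["LocalSubnet"] (assumed default) or ["LocalSubnet", "192.168.1.0/24"].
    """
    dst_ip = ipaddress.ip_address(dst)
    local_net = LAN_1 if dst_ip in LAN_1 else LAN_2
    seen = seen_source(src, dst)
    return any(scope_matches(s, local_net, seen) for s in scopes)
```

Adding the single remote subnet to the rule's scope opens the path from LAN_1 without accepting the same traffic from every other network, which is the narrower alternative to an "Any" scope.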