Hi,

I've set up 2.0r3 on an ALIX2D13 box. Largely things work fine, but I have a routing issue that I can't get my head around. I'll quickly describe my setup first and then explain the problem I'm facing:

The ALIX2D13 has 3 Ethernet interfaces. I use the first (vr0) as WAN connection with DHCP. Works fine.

The second Ethernet interface has a static private IP and serves as my backdoor into the box when I screw up things on the other interfaces. Also works fine.

The ALIX has a Wifi card built in that runs as access point. This access point, an OpenVPN tap client interface and the third Ethernet interface are all part of a bridge (br0). Via VPN, the bridge gets an IP assigned using a DHCP Server at the other end of the VPN tunnel in a data center. Works also.

When I connect to the WIFI access point provided by the ALIX box, the client box contacts the DHCP server at the far end of the VPN tunnel for an IP address. This also works. Part of the DHCP-provided information is the gateway to be used by the client, which is set as the IP of the bridge interface in the ALIX box. Here the problem comes in: the Internet-bound traffic arrives at the ALIX, and my hope would be that it is routed out directly via the WAN interface. However, it somehow disappears there or hits some kind of wall. I should say that in the advanced setting of pfSense I completely turned off packet filtering for the moment, so that the firewall is not the problem.

From Linux, I know that IP forwarding can be enabled with `echo 1 > /proc/sys/net/ipv4/ip_forward`. I assume FreeBSD is doing this in some similar way? Is this feature enabled by default in pfSense? If not, could that be the problem?

Are there any diagnostic dumps I could add to provide more detailed info?

I would really appreciate a hint or two...

Thanks,
Ray
