pfSense: Routing a packet out the same interface it arrived on

pfsense routing

I have pfSense with one LAN interface which is connected to a switch. All ports on this switch are part of the LAN (VLAN 10).

I have access points which are also part of the LAN; they have a static IP in the LAN subnet which users can connect to. The default gateway of all users on the LAN and the APs is 10.70.10.1, which is the LAN interface of the pfSense box.

I have another router which is only used to connect to remote networks. This router has an IP address of 10.70.10.9, so it is also sitting on the LAN network.

I have a static route on pfSense to point to these remote networks, which says any traffic with a destination address in 10.50.0.0/16 should use the 10.70.10.9 router as the next hop; however, this isn't working.

I believe the problem is that when trying to access the LAN devices from the remote network (10.50.0.0/16), the APs are sending their return traffic to their default gateway first (10.70.10.1), which is the pfSense box. The pfSense box then sees the static route and knows it needs to send the traffic to the router with IP 10.70.10.9, but I believe it won't route traffic out of the same interface it was received on.

Is this the behavior of pfSense? If so, is there any way to change it? I have had a look online and through the menus but can't see anything.

I know another option would be to put the router on a separate L3 network for the PPP link, but I was hoping there was an easier solution.

Thanks,

Jack.

Best Answer

Found the solution:

System -> Advanced -> Firewall and NAT -> check "Bypass firewall rules for traffic on the same interface".

This solved my problem.
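
Added example (not part of the original answer, and not pfSense's own code): a simplified model of a stateful filter on the LAN interface, showing why the AP's reply is dropped when only half of the connection crosses the firewall, and what the checkbox changes. The AP address 10.70.10.20, the remote host 10.50.1.5, the outside address 192.0.2.10, the ports and the state-tracking logic are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Subnets and next hop are from the question; host addresses are constructed.
LAN = ip_network("10.70.10.0/24")
STATIC_ROUTES = {ip_network("10.50.0.0/16"): ip_address("10.70.10.9")}
AP, REMOTE = ip_address("10.70.10.20"), ip_address("10.50.1.5")
OUTSIDE = ip_address("192.0.2.10")  # a destination with no static route

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

class LanFilter:
    """Simplified (assumed) model of stateful filtering on the LAN interface."""
    def __init__(self, bypass_same_interface=False):
        self.bypass = bypass_same_interface
        self.states = set()

    def _same_interface(self, pkt):
        # Arrives from the LAN and a static route sends it back out the LAN.
        return pkt.src in LAN and any(
            pkt.dst in net and hop in LAN for net, hop in STATIC_ROUTES.items())

    def handle(self, pkt):
        if self.bypass and self._same_interface(pkt):
            return "pass (not filtered)"
        key = frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        if key in self.states:
            return "pass (state match)"
        if pkt.flags == "S":  # only an initial SYN may create state
            self.states.add(key)
            return "pass (new state)"
        return "drop (no state)"

def reply_from_ap(bypass):
    # The remote SYN reaches the AP straight from 10.70.10.9 on the switch,
    # so the firewall never sees it. Only the AP's SYN-ACK crosses pfSense.
    fw = LanFilter(bypass_same_interface=bypass)
    return fw.handle(Packet(AP, REMOTE, 443, 50000, "SA"))

if __name__ == "__main__":
    print("bypass off:", reply_from_ap(False))
    print("bypass on: ", reply_from_ap(True))
```

In this model the bypass applies only to LAN traffic that a static route sends back out the LAN; that traffic is then no longer checked by the firewall rules at all, while everything else is still filtered statefully.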