pfSense with VyOS LAN router

I have this topology for a lab and I cannot figure out how to get the pfSense firewall and VyOS router to connect. I have opened up rules on the pfSense to allow any traffic coming from 172.16.1.2 to 172.16.1.1. Unless there needs to be a more specific rule that allows the WAN and LAN interfaces to connect?

They both are doing DHCP, only that I’ll need to have pfSense doing the NAT. We have static routes set up on the VyOS router, but they don’t seem to work. Any suggestions?

Do you also have static routes on the pfSense? You probably need some otherwise pfSense won’t know where to send the 192.168.0/24 traffic back.

Addition: Assuming you only route (not NAT) on VyOS then you’ll need a firewall rule that allows traffic from 192.168.0.0/24, not only 172.16.1.2.

Plus on pfSense you’ll need an outbound NAT rule for 192.168.0.0/24 (see pfSense documentation, Hybrid Outbound NAT).

pfSense automatically creates Outbound NAT rules for the LAN(s) on it but since it doesn’t know about the LAN behind VyOS you have to add it manually.

1 Like
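The three conditions from the replies above (a pass rule for the routed source, a return route on pfSense, and an outbound NAT entry), modelled as an added example that is not part of the original thread. The /24 prefix on the transit link, the client address 192.168.0.10 and all function and variable names are assumptions.

```python
import ipaddress as ip

# Constructed lab model: addresses come from the thread, the rest is assumed.
VYOS_WAN = ip.ip_address("172.16.1.2")      # VyOS side of the transit link
LAB_LAN = ip.ip_network("192.168.0.0/24")   # LAN behind VyOS
TRANSIT = ip.ip_network("172.16.1.0/24")    # assumed prefix length of the link

def check_path(client, allowed_sources, static_routes, nat_sources, vyos_nat=False):
    """List what stops a packet from `client` once it reaches pfSense."""
    client = ip.ip_address(client)
    # When VyOS only routes, pfSense sees the client's own address as source.
    # When VyOS NATs, pfSense sees 172.16.1.2 instead.
    src = VYOS_WAN if vyos_nat else client
    problems = []
    if not any(src in net for net in allowed_sources):
        problems.append(f"firewall: no pass rule matches source {src}")
    # Replies need a route: the connected transit net or a static route via VyOS.
    if not (src in TRANSIT or any(src in net for net, _gw in static_routes)):
        problems.append(f"routing: pfSense has no route back to {src}")
    if not any(src in net for net in nat_sources):
        problems.append(f"nat: no outbound NAT rule covers {src}")
    return problems

# Setup as described in the question: one rule for 172.16.1.2, nothing else.
ORIGINAL = dict(
    allowed_sources=[ip.ip_network("172.16.1.2/32")],
    static_routes=[],
    nat_sources=[TRANSIT],  # only the directly connected network
)

# Setup after applying the three suggestions from the replies.
FIXED = dict(
    allowed_sources=[ip.ip_network("172.16.1.2/32"), LAB_LAN],
    static_routes=[(LAB_LAN, VYOS_WAN)],
    nat_sources=[TRANSIT, LAB_LAN],
)

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        issues = check_path("192.168.0.10", **cfg)
        print(name, "->", issues or "traffic passes")
```

Calling `check_path` with `vyos_nat=True` on the original setup returns no problems, which is why the narrow 172.16.1.2 rule only works if VyOS itself translates the LAN traffic.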

Exclude pfSense from this topology.

I had run pfSense in a company for many years until I met VyOS. VyOS is better than pfSense. I highly recommend replacing it with VyOS for better performance and stability.

2 Likes