I have this problem pretty frequently, and it always pisses me off: a pfSense router has a static route or two configured, and it works to ping through them in the router’s own Diagnostics … but they’re ignored entirely when requests come from machines on the LAN.
Here’s the fix.
First, as normal, you need to set up a Gateway pointing to the static route relay on the LAN. Then set up a static route through that new Gateway, if you haven’t already.
Now, you need to go to System–>Advanced–>Firewall & NAT. Look about halfway down the page, for a checkbox “Static route filtering” with flavor text “Bypass firewall rules for traffic on the same interface”. Check that. Scroll to the bottom, and click Save.
Once that’s done, if traceroutes from the LAN to the target network still go out through the WAN instead of through your local gateway… add a firewall rule to fix it.
Firewall –> Rules –> Floating
New rule at the TOP.
Action–> Pass
Quick–> CHECK THIS.
Interface–> LAN
Protocol–> Any
Source–> LAN net
Destination–>Network–> [ target subnet ]
Save your firewall rule, and apply it: within a few seconds, traceroutes from the LAN should start showing the new route.
Thanks for sharing. It worked for me.
Thank you very much for sharing this info; I’ve spended days and days to understand how to resolve this problem, finally your post makes clear the reason (and the solution) for the wrong route.
Thank you Jim!
I started using OPNsense. It just feels better. Written by the Germans too so…
I have pulling my hair out for a week and banging my head as to why I can successfully ping using Diagnostic (Ping) from within pfSense, but couldn’t get it to work from a PC attached to the LAN. Tried your floating firewall rule solution and eureka it works. Thank you!!!!
This actually somehow worked for me, after long hours of troubleshooting.
Thank you, i appreciate it!