Add route from WAN to LAN

I am looking for some assistance adding a route. I saw a post where Masquerading needed to be disabled. However, if I disable Masquerading on the WAN interface I lose Internet connectivity.

From the image below I need to add a route, preferably only from 10.78.239.106 to 192.168.107.10.

I'd appreciate if somebody could add some clarity or provide a good link that does a good job of describing the process.

Thank You

You need to add a route on the pfsense router, that sends all traffic for 192.168.107.0/24 to the gateway at 10.78.239.2.

Then you can allow forwarding traffic on the OpenWrt box, from the WAN interface to the LAN interface, with the restrictions that you need.

There is an option to exclude some destination subnets from masquerading, e.g.
list masq_dest '!10.78.239.0/24'

If you prefer to use LuCI, the field is located in the advanced zone settings.
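
The forwarding rule and the masquerading exclusion suggested in the two replies above, as an added example that is not part of the original posts: a fragment of /etc/config/firewall on the OpenWrt box. The zone names `wan` and `lan` are the OpenWrt defaults and are assumed here, the rule name is made up, and the upstream router still needs the route to 192.168.107.0/24 via 10.78.239.2 described earlier.

```uci
# WAN zone: keep masquerading for Internet-bound traffic, but do not
# NAT packets whose destination is inside the 10.78.239.0/24 WAN subnet.
# Replies from 192.168.107.10 then reach 10.78.239.106 with their real
# source address, which only works if the upstream router has a route
# back to 192.168.107.0/24.
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list masq_dest '!10.78.239.0/24'

# Allow exactly one WAN host to reach exactly one LAN host.
# Everything else arriving on WAN for the LAN is still rejected by the
# zone's forward policy. Narrow further with 'proto' and 'dest_port'
# once the required services are known.
config rule
	option name 'Allow-WAN-host-to-LAN-host'
	option family 'ipv4'
	option src 'wan'
	option src_ip '10.78.239.106'
	option dest 'lan'
	option dest_ip '192.168.107.10'
	option proto 'all'
	option target 'ACCEPT'
```

After editing the file, the firewall has to be reloaded for the change to take effect, and the rule is evaluated before the zone's forward policy, so no change to `option forward` is needed.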


Thanks. According to replies on the OPNSense forums my best option is to add a route on the Debian (spam) server, which I do like better after their explanation.

That will not work, since without a route in the pfsense router you can't turn off masquerade in the OpenWrt router and have symmetric routing between the two LAN networks.

The wan subnet can be excluded from masquerading as stated above.

If you lose internet if you turn off masquerading, that can be caused by the opnsense router only masquerading its own local subnet; in this case the opnsense router should also masquerade 192.168.107.0/24.

The way I got it working may not be ideal, but I didn't have to beat my head against a brick wall to get it to work.

I first posted here and was told I need to create a route on OPNSense.
I posted on the OPNSense forums and was told it would be better to create the route on the Debian (spam) server.
I posted on the Debian forums and was told I should redo part of my network.

It appeared that it was not going to be fun nor easy to get OPNSense, OpenWRT and Debian to all play nice. So I modified what I already had. I already had a cable connected to the 10.78.239.0 network and one connected to the 192.168.107.0 network, although 192.168.107.0 was DHCP -- not ideal but was meant to be temporary. I changed it to a static IP with no assigned gateway. I then created firewall rules on the Debian server to allow SMTP traffic then block everything else.