I have a RUT240 that I use for 4G failover for my primary pfSense router.
To set this up, I had to change my mob1s1a1 WAN interface to Bridge mode, then configure the LAN interface to Bridge mode with both ports included, and activate DHCPv4.
I set the LAN IP address to match the subnet of my pfSense router so I can access it from computers within that subnet, and everything works great!
The only issue I’m facing now is that my RUT240 is placed in SUBNET2, and I want to connect to it from SUBNET1. I know that all firewall rules in pfSense are correct, as I can reach other devices in SUBNET2 from SUBNET1, but not the RUT240.
When I perform a traceroute, I see the traffic pass through my pfSense router, but then it gets dropped.
I’ve searched the forums and done my best to troubleshoot, but I’m stuck. Could there be firewall rules that need to be configured on the RUT240?
My RUT240 is running firmware version RUT2_R_00.07.06.13.
Hi…
So… you have rut240 with two subnets?
Do you have a gateway between the two subnets?
I believe that the networks ip address are not the same.
Your RUT240 will be the gateway for both networks?
I have my RUT240 set up primarily as a 4G failover device for my pfSense router. The RUT240 itself is in SUBNET2, while my primary network and pfSense router are in SUBNET1.
There is a gateway between the two subnets — the pfSense router is managing traffic between them. All other devices in SUBNET2 are accessible from SUBNET1 without any issues, except for the RUT240.
The RUT240 is configured in bridge mode, and the LAN IP address is set to match SUBNET2 (to allow access from within SUBNET2). However, when I try to access the RUT240 from SUBNET1, the traffic gets dropped after passing through the pfSense router.
The RUT240 isn’t acting as a gateway for either network; it’s purely serving as a bridge for the 4G failover. Could there be additional firewall rules or configurations required on the RUT240 itself to allow this cross-subnet access?
I’ve attached a network map that I drew up quickly to help explain the setup. As shown in the picture, the RUT240 acts as a 4G WAN failover for my primary pfSense router.
The pfSense router manages two separate subnets:
LAN1 (10.20.0.0/24): My personal devices, including my main PC.
LAN2 (10.30.0.0/24): Servers, another PC, and the RUT240.
I’ve set up firewall rules in pfSense to allow access from LAN1 to LAN2. This setup works fine for all devices in LAN2 — I can connect to Server1, Server2, Server3, and PC2 from my PC in LAN1. However, I cannot connect to the RUT240’s web UI (10.30.0.40) from LAN1.
If I try to connect to the RUT240 from PC2 (in the same subnet), it works perfectly.
My goal is to be able to access the RUT240’s web UI from my PC in LAN1.
I hope this clarifies the issue further. Thank you again for your help!
Hi…
Remember… I wrote about " It is because the RUT240 don’t know where to send the packets back! "
You need to add a route in your RUT240…
sample " network 10.20.0.0 netmask 255.255.255.0 gateway 10.30.0.1 "
This will teach your RUT240 where is the gateway to reach 10.20.0.0/24.
I realized that I had already added a static route in the RUT240, but I mistakenly set the wrong gateway. I had entered my LAN1 gateway instead of the LAN2 gateway. After correcting this to point to the correct gateway (10.30.0.1), everything started working perfectly.
Regarding your note about the RUT240 being an LTE CAT 4 device: in this case, the speed limitation is not an issue, as the mobile connection doesn’t deliver more than 10 mbps anyway.
Thanks again for pointing me in the right direction — I really appreciate your assistance!
While the static route suggestion solved one problem, it has unfortunately introduced a new issue. Here’s what’s happening:
For some reason, pfSense is now assigning a DHCP address to my WAN2 interface. I suspect this is because both ports on the RUT240 are bridged, and it doesn’t know which port should handle the WAN IP and which should serve the LAN subnet. This has effectively created a loop where pfSense sends DHCP to the RUT240, which then sends it back to WAN2 on pfSense, resulting in WAN2 getting a private DHCP address.
I’ve tried removing the static route I added in the RUT240 (Target: 10.20.0.0, Gateway: 10.30.0.1), but it doesn’t seem to resolve the issue. It’s possible there’s still a routing entry lingering in pfSense that clears only after a reboot, but restarting the RUT240 doesn’t seem to help.
I’ve tested everything I can think of, but I can’t seem to resolve this problem. Do you have any suggestions on how I can:
Maintain access to the RUT240 from the 10.10.0.0/24 subnet.
Prevent pfSense from assigning a DHCP address to its own WAN2 interface via the RUT240.
I’m open to any ideas or troubleshooting steps! Thanks in advance for your help.
So… PfSense will use RUT as backup for WAN1 (ISP)
Why not just use a static ip at WAN2 (PfSense), something like 10.123.123.0/30, where Pfsense will be 10.123.123.1 point to 10.123.123.2 (RUT) as backup wan?
I can confirm that restarting pfSense cleared the routing issue, and it now assigns the correct IP from the RUT240.
The RUT240 is set up to act solely as a bridge to forward the 4G IP address to WAN2 on pfSense. If I configure a dedicated subnet with its own IP address, will this setup still work with the RUT240 in bridge mode?
I don’t know too much about pfSense… but, when I do this kind of topology… using static ip address at wan, avoid a mistake issues with dhcp… But… Look what works for you and keep your topology simple as possible… Keep simple, maybe will help for future troubleshooting.
I just wanted to thank you for your valuable help and suggestions throughout this process. I’m happy to say that I’ve finally resolved the issue!
The problem was caused by DHCP traffic looping back to my WAN2 interface in pfSense. To fix this, I disabled the DHCP server for that specific subnet in pfSense. This ensures that no DHCP traffic can be looped back to WAN2, eliminating the issue entirely.
Additionally, I locked the MAC address of my WAN2 interface in the RUT240’s WAN settings. This guarantees that only my pfSense WAN2 will receive the 4G IP address from the RUT240.
Everything is now running smoothly, and I really appreciate the support and advice from this community. Thanks again!
