Two pfsense boxes walk into a bar...
-
@johnpoz Yes, it's asymetrical. One network is a client of another. IT'S SUPPOSED TO BE THAT WAY. But I won't explore here the myriad use cases in which such a design is not only employed but expected.
-
@stephenw10 They're different networks with different purposes. They are not peers. In fact, not every device from the two networks are allowed to talk to each other. In that regard, it's kind of like the entire internet.
One network is a client of another. If you want to solve a different problem, you should start your own thread. The one you know how to solve isn't related to this one.
-
@eveningstarnm said in Two pfsense boxes walk into a bar...:
IT'S SUPPOSED TO BE THAT WAY
Says who - you? It is NOT suppose to be that way.. Already went over all the hoops you have to go through to use it like that..
If you want to run such setup - have fun with it. Couple of minutes to actually create a valid transit network and you wouldn't have to.
You know who runs networks like that - people that don't know any better..
-
@johnpoz Dude. Please avoid my threads. I see no indication that you could be at all helpful to me. You insist on telling me how our networks should be designed when you don't even know how they're related or what they're used for. Those networks don't even have the same TLD. They're different networks with different purposes, and they are not related the way you want them to be. If they were, they would not suit our needs. One is simply using a service that the other provides.
I described the problem. I even found the solution. Your comments have been irrelevant and a total waste of time. I'm blocking you again. The years I spent here not seeing your comments were good ones.
Update: As it turns out, I can't re-block you. I should never have unblocked you.
-
@eveningstarnm good luck! I don't care how you want to use or or intend to use it. Using a network with hosts on it as transit, which is any network that connects routers together.. Is not the proper way to do it.. Sorry but its not..
Can you do it sure - but if you plan on talking to these hosts on this transit - its going to be problematic without the work arounds given, natting or host routing. You were even given a pretty picture showing how traffic will be asymmetrical. But clearly you know better..
-
@johnpoz I don't need luck. I solved the problem, and it's working great. Nothing that you said was helpful.
-
Reviewing this I assume that, effectively, pfSense 2 in your diagram is using pfSense 1 as second WAN?
If it's only using it for that it will work fine. Hosts behind pfSense 2 would be able to access hosts on the pfSense 1 LAN as long as pfSense 2 is outbound NATing the traffic, which removes the route asymmetry. But that obviously obscures the source IP.
Using a transport subnet between the two firewalls is a far more flexible setup and I would certainly recommend doing that if configuring a network where it's possible. But if you know you will never need to route the other way it will work without.
Steve
-
@stephenw10 You are safe in assuming that, since that's what I said in my original post.
-
Yeah, I originally read that as two separate things and the symptoms from the bad cable were exactly what I expect to see from an asymmetry issue throwing me into the weeds!
Anyway, moving on....
-
@stephenw10 I forgot the first step: Always check the cables.
