Assistance with internal Lab Setup

fieldsg22

Hello everyone. Sorry for being so 'dumb' about this, but been trying for a few hours to find out if this was possible.

Scenerio:
My IP Scheme for my devices is the default 192.168.1.x provided from the ISP modem/router. I am in the process of setting up an internal lab with the IP Scheme of 10.4.1.x on VMWare devices. I have pfsense community edition 2.5.0 installed on a vmware freebsd server. I am able to log into pfsense with no issue with both the 192.168.1.xxx ip and 10.4.1.x ip.

I currently have 8 VM's setup that all have 10.4..1.x IP addresses. In these 8 VM's is a management server that installs a client on the endpoints, provides updates, security, etc. So, each device has to be able to communicate to the management server with IP 10.4.1.100 (example). I do, however, need to connect 2 physical macbook's that are connecting to home wifi and have 192.168.1.x IP's. These 2 macbooks are unable to talk to the management server on IP 10.4.1.100 when the client is installed. I attempted to ping 10.4.1.100 from the macbook's but it fails.

What needs to be configured in pfsense to allow 192.168.1.x devices to talk to the 10.4.1.x network?

Screen Shot 2022-09-14 at 1.05.13 PM.png

RobH 0

@fieldsg22 Have you created firewall rules to allow communication from 192.168 to 10.4.1? If not, that's your issue. By default, pfSense blocks all traffic between VLANs.

fieldsg22

@robh-0 I have not and trying to set this up. I appreciate you validating that this needs to be done. Now to spend time to allow 'any'

viragomann

@fieldsg22
Additionally pfSense blocks private IPs on WAN by default.

You have to go to the WAN interface settings and remove the check at "block private networks" to allow access.

fieldsg22

@viragomann This appears to be unchecked as well

Screen Shot 2022-09-14 at 1.34.23 PM.png

fieldsg22

@RobH-0 there has to be another factor in this. I have setup rules but still unable to ping or access 10.4.1.x from the macbook with 192.168.1.x

viragomann

@fieldsg22 said in Assistance with internal Lab Setup:

there has to be another factor in this. I have setup rules but still unable to ping or access 10.4.1.x from the macbook with 192.168.1.x

Yeah, presumably the routing table on the mac.

You have to tell the device that the 10.4.1.x is behind the pfSense WAN IP. Otherwise it will send its packets meant to this network to the default gateway.

RobH 0

@fieldsg22 Please share screenshots of the rules you created.

fieldsg22

@RobH-0 my apologies I have been away. Here are the screenshots

fieldsg22

This post is deleted!