Connecting Two Subnets with pfSense

johnpoz

No you do not need to setup any routes, pfsense knows how to route between its attached networks ;)

tyh

Thanks guys, I'll fire up a VM this morning and let you know how I get on.

tyh

Okay, I set up a new single pfSense VM. Please see below to see how it's set up:

I also created a firewall rule, although it's probably configured incorrectly. There is a default rule to allow LAN to any, so I figured I needed one for OPT1. Following the default rule, I set interface to OPT1, protocol to any, source to OPT1 net, and destination to any.

I can ping OPT1 (192.168.2.1) from Client 1 (192.168.1.100), but I cannot ping Client 2 (192.168.2.100) from Client 1. The same happens from Client 2 to Client 1.

I'm sure the firewall rule is at fault. Can anyone point me in the right direction?

Thanks

viragomann

Are the client configured to use the correct gateway?
Client1 - 192.168.1.1
Client2 - 192.168.2.1

Have you set a gateway in the pfSense LAN and OPT interface config? That must not be set.

johnpoz

And is there a software firewall on these vms?  Windows for example blocks ping..

Out of the box the lan rules on pfsense would allow you to ping opt2 network.  If its not answering points to firewall on that client..

tyh

@viragomann:

Are the client configured to use the correct gateway?
Client1 - 192.168.1.1
Client2 - 192.168.2.1

Have you set a gateway in the pfSense LAN and OPT interface config? That must not be set.

The clients have the correct gateway set via DHCP, and neither LAN nor OPT have a gateway set. Both clients have internet access and can ping both LAN and OPT interfaces, but not each other.

@johnpoz:

And is there a software firewall on these vms?  Windows for example blocks ping..

Out of the box the lan rules on pfsense would allow you to ping opt2 network.  If its not answering points to firewall on that client..

I'll check, but I've never had the Windows Firewall block pings before. Unless that's because I'm normally pinging from the same subnet.

tyh

@johnpoz:

And is there a software firewall on these vms?  Windows for example blocks ping..

Out of the box the lan rules on pfsense would allow you to ping opt2 network.  If its not answering points to firewall on that client..

That was it, thanks! I disabled the firewall on both clients, and they were able to ping each other.

johnpoz

There you go see 1 pfsense and you have 2 network, you could have as many networks as you wanted that your VM host would be able to support ;)  Just using 1 pfsense vm.

Now if you wanted you could start getting fun with it and use it to play with vlan tagging, etc. vs your actual physical network simulation you have going on now.  Using port groups on your vswitch and then setting up the vlans on the 1 vm nic you have connected to pfsense, etc.

tyh

@johnpoz:

There you go see 1 pfsense and you have 2 network, you could have as many networks as you wanted that your VM host would be able to support ;)  Just using 1 pfsense vm.

Now if you wanted you could start getting fun with it and use it to play with vlan tagging, etc. vs your actual physical network simulation you have going on now.  Using port groups on your vswitch and then setting up the vlans on the 1 vm nic you have connected to pfsense, etc.

I am interested in VLANs and have no experience with them, so I think I will try setting something like that up next.

bheemboy1

In anyone is still interested, here is how I got it to work with 3 pfsense setup.

I wanted to setup an environment where I have a datacenter and a remote lab.
All machines in the datacenter have the domain datacenter.home.arpa.
All machines in the lab have the domain lab1.home.arpa.
I wanted machines in the lab to be able to reach machines in the datacenter.

pfSense1:

• Hostname: pfSense
• Domain: home.arpa
• WAN (dhcp)
• LAN: 192.168.0.1
  • Block private networks and loopback addresses: Unchecked
• Forward packets for datacenter subnet 192.168.2.0/24 to datacenter router - 192.168.0.2
  • Added gateway
    • Name: datacentergw
    • Interface: LAN
    • Gateway: 192.168.0.2
  • Added static route
    • Network: 192.168.2.0/24
    • gateway: datacentergw

pfSense2:

• Hostname: pfSense
• Domain: datacenter.home.arpa
• WAN: 192.168.0.2 (static)
• LAN: 192.168.2.1
  • Block private networks and loopback addresses: Unchecked
• NAT
  • Forward ICMP and TCP/UDP from source:192.168.0.0/16, destination: LAN net to LAN Address
    • This automatically added necessary firewall rules as well

pfSense3:

• Hostname: pfSense
• Domain: lab1.home.arpa
• WAN: 192.168.0.3
• LAN: 192.168.3.1
  • Block private networks and loopback addresses: Unchecked
• DNS
  • Add a domain override for datacenter.home.arpa and send its queries to datacenter DNS: 192.168.2.1
• DHCP
  • Set lab1.home.arpa;datacenter.home.arpa as DNS Search