Netgate Discussion Forum

    LAB Environment VLANs - Can't go out on the web !!!!!!

    mandeepmails

      Everyone,

      I've ripped apart all the configurations from the pfSense box and re-installed it. Configured it again as I know this is capable of meeting my requirements. But not able to achieve it.

      The PC has 3 NICs
      BGE0 - used for WAN PPPoE i.e., setup and works
      RL1 - used with my Home Network 192.168.1.X i.e., setup and works
      RL0 - for the LAB Network 10.100.64.X and 10.100.65.X i.e., Not Working (where I need your help)

      For the LAB Network to be able to access the Internet and accessible from the outside home
      I use it with my study partner to access the virtual machine (using Team-viewer or Anydesk etc)

      Now, what is happening…
      I have the direct ethernet cable going from the RL0 to the Cisco Switch 3560 Port 18 (which doesn't support NAT)
      The virtual machines can't access the outside websites
      And as a matter of fact the virtual machines aren't accessible from other 192.168.1.X (home network)

      I would be really happy to see it work flawlessly and for the same reason I've done all the required configurations on both devices (pfSense and Cisco Switch)

      I understand what it looks like but not happening

      home.png

        Derelict LAYER 8 Netgate

        All you have to do is look at the traffic flow. When traffic enters a firewall it needs a rule. When traffic leaves a router it needs a route.

        So start with PC1 and PC2. Traffic needs to leave so their default gateways need to be 10.100.64.1 and 10.100.65.1 respectively.

        I will assume there are no packet filters on the 3560 so the traffic will be allowed in.

        To leave, the 3560 needs a route. Presumably a 0.0.0.0 0.0.0.0 route to 192.168.1.1

        Traffic on the pfSense interface 192.168.1.1 needs to be passed FROM SOURCES 10.100.64.1 and 10.100.65.1 to the desired destination addresses. Since you are talking about the internet this needs to be destination any.

        Now the traffic has to be routed to the internet. This will consult the routing table on pfSense for the default gateway and send it.

        ONE MORE STEP: there is Outbound NAT. You need outbound NAT rules that catch all the sources, including 10.100.64.0/24 and 10.100.65.0/24, and NAT to the WAN address.

        Routing needs to be done on the return path, too.

        pfSense needs a gateway for the L3 switch and static routes for 10.100.64.0/24 and 10.100.65.0/24 to that gateway.

        You don't need to worry so much about firewall rules on the way back because the statefulness of pf should take care of that in most circumstances.

        Check (REALLY CHECK) all those things.

        If traffic leaves a device, it needs a route.

        If traffic enters a device (particularly a firewall) it needs a rule ON THAT INTERFACE.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
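
The checklist from the reply above, written as a small path auditor. This is an added example, not part of the original thread and not pfSense or Cisco code. The switch address `192.168.1.2`, the `wan-gw` placeholder, the host addresses and both sample configurations are constructed for illustration.

```python
import ipaddress as ip

LAB_NETS = ["10.100.64.0/24", "10.100.65.0/24"]   # from the thread
PFSENSE_LAN = "192.168.1.1"                        # from the thread
SWITCH_IP = "192.168.1.2"   # assumed: the thread never gives the 3560's address
WAN_GW = "wan-gw"           # placeholder for the PPPoE gateway

def matches(prefixes, addr):
    """True if addr falls inside any of the given prefixes."""
    return any(ip.ip_address(addr) in ip.ip_network(p) for p in prefixes)

def next_hop(routes, addr):
    """Longest-prefix match over {prefix: gateway}; None if nothing matches."""
    hits = [(ip.ip_network(p), gw) for p, gw in routes.items()
            if ip.ip_address(addr) in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(cfg, src, dst="8.8.8.8"):
    """Return the checklist items that fail for one flow src -> dst."""
    failed = []
    if next_hop(cfg["switch_routes"], dst) != PFSENSE_LAN:
        failed.append("3560: no route to dst via 192.168.1.1")
    if not matches(cfg["lan_pass_sources"], src):
        failed.append("pfSense LAN: no pass rule for this source")
    if next_hop(cfg["pfsense_routes"], dst) != WAN_GW:
        failed.append("pfSense: no default route to WAN")
    if not matches(cfg["outbound_nat_sources"], src):
        failed.append("pfSense: outbound NAT does not cover source")
    if next_hop(cfg["pfsense_routes"], src) != SWITCH_IP:
        failed.append("pfSense: no static route back to lab subnet")
    return failed

# Constructed configs: in BROKEN only the home subnet is known to pfSense.
BROKEN = {
    "switch_routes": {"0.0.0.0/0": PFSENSE_LAN},
    "lan_pass_sources": ["192.168.1.0/24"],
    "pfsense_routes": {"0.0.0.0/0": WAN_GW, "192.168.1.0/24": "direct"},
    "outbound_nat_sources": ["192.168.1.0/24"],
}
FIXED = {
    "switch_routes": {"0.0.0.0/0": PFSENSE_LAN},
    "lan_pass_sources": ["192.168.1.0/24"] + LAB_NETS,
    "pfsense_routes": {"0.0.0.0/0": WAN_GW, "192.168.1.0/24": "direct",
                       **{n: SWITCH_IP for n in LAB_NETS}},
    "outbound_nat_sources": ["192.168.1.0/24"] + LAB_NETS,
}

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for pc in ("10.100.64.10", "10.100.65.10"):   # constructed host addresses
            print(name, pc, audit(cfg, pc) or "ok")
```

In the constructed broken configuration the return-path check fails because longest-prefix match finds only the default route for the lab subnets, so replies would be sent toward the WAN instead of the switch.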

          mandeepmails

          I truly appreciate your guidance.

          Before this I was always using a simple/advanced WIFI router which died on me; also it never met all my requirements such as VLANs or static routing.

          During the last 7 days I've been working really hard to get it all set up. I explored all resources related to the same including blogs, article guides, websites including YouTube :-)

          I've understood fairly the stateful nature of the firewall and all pfSense capabilities. Also, for the default route on the Cisco switch 0.0.0.0 0.0.0.0 192.168.1.1, yes I used it in the past too when my old router was in the picture.

          Last week I observed my 10.100.64.0 and 10.100.65.0 could ping 8.8.8.8 etc., which showed in traceroute too. However, the traffic came back as far as the firewall and failed to go all the way to PC1 and PC2, or else I wouldn't have asked for help.

          Now I'm doing it again from scratch (jumping with cables for LAN 10.100.64.X and 10.100.65.X) and configuring pfSense keeping in mind what you mentioned.

          Please stay tuned for screenshot and results.

          Really appreciate your help.

          Thank you :-)

            mandeepmails

            Guys !!!!!

            I got all the success. Nice to get the helpful response.

            Attached is the current updated diagram, how it looks. I know now pfSense is something I'm gonna keep for many years. It made me feel like flying; other petty issues which I used to have are resolved too.

            Altogether, now I've got more control over my complete network. I hope this remains stable.

            I removed the extra cable running through the Dlink WI-FI to the Cisco switch; it was of no use.

            PS - I had a faulty NIC which I had to replace; it caused me 7 days of inconvenience. ;-)

            Works like a charm.

            Thanks Derelict

            new-home.PNG