Netgate Discussion Forum
    Joining 2 separate networks with 2 pfSense boxes - again

    Routing and Multi WAN
tesna:

I am trying to get a similar thing working but somehow I cannot get it to work. It was connected through OpenVPN and working fine, but I managed to find a way to connect these two pfSense boxes directly (via a wireless link 2 km away).

From pfSense box A I managed to ping the devices behind pfSense box B. However, I can't ping from machines behind pfSense box A to machines behind pfSense box B.

      pfsense box A
      eth0: WAN
eth1: LAN (192.168.5.0/24)
      eth2: OPT1 (10.0.8.247/24)

      Pfsense box B
      eth0: WAN
      eth1: LAN (10.0.2.0/24)
      eth2: OPT1 (10.0.8.254/24)

OPT interfaces firewall rules: any to any on both pfSense boxes
LAN interfaces firewall rules: LAN ~address~ net to any, subnet LAN box A and subnet LAN box B (and the other direction as well)

Static routes are set on both machines (on pfSense box A the gateway is OPT1 of box B, and vice versa).

Somehow I am stuck. What did I miss?

Derelict (LAYER 8 Netgate):

        Why would you have a LAN address to any rule on LAN? Traffic will never arrive on LAN sourced from the interface address.

        You should probably show what you did instead of just saying what you think you did.

        Firewall rules on both sides on LAN and OPT1, gateways, and static routes.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

tesna:

Hmmm, I thought I had posted in another thread, but instead I made a new thread. LAN to any is for the internet connection.

OK, I am not sure how to explain this well.

          pfsense box A
          eth0: WAN
          eth1: LAN (192.168.5.0/24) (firewall rules LAN net to any, and 10.0.2.0/24 to LAN net)
          eth2: OPT1 (10.0.8.251/24) (upstream gateway left blank in interfaces page)
          gateway 10.0.8.254/24
          static routes destination 10.0.2.0/24 set to gateway 10.0.8.254/24

          Pfsense box B
          eth0: WAN
          eth1: LAN (10.0.2.0/24) (firewall rules LAN net to any, 192.168.5.0/24 to LAN net)
          eth2: OPT1 (10.0.8.254/24) (upstream gateway left blank in interfaces page)
          gateway: 10.0.8.251/24
          static routes destination 192.168.5.0/24 set to gateway 10.0.8.251

Both OPT1 interfaces are connected through a wireless bridge, one end acting as AP with IP 10.0.8.253, and the other end acting as client with IP 10.0.8.252. pfSense boxes A and B can ping each other on this interface, and gateway monitoring shows the gateways are UP on both pfSense boxes.

I can ping from pfSense box A to pfSense box B LAN:

          
          [2.4.2-RELEASE][root@pfSense.th0r.lan]/root: ping 10.0.2.254
          PING 10.0.2.254 (10.0.2.254): 56 data bytes
          64 bytes from 10.0.2.254: icmp_seq=0 ttl=64 time=2.827 ms
          64 bytes from 10.0.2.254: icmp_seq=1 ttl=64 time=5.629 ms
          ^C
          --- 10.0.2.254 ping statistics ---
          2 packets transmitted, 2 packets received, 0.0% packet loss
          round-trip min/avg/max/stddev = 2.827/4.228/5.629/1.401 ms
          
          

Somehow I can't ping from pfSense box B to pfSense box A:

          
          [2.4.2-RELEASE][root@pfSense.ttp.lan]/root: ping 192.168.5.254
          PING 192.168.5.254 (192.168.5.254): 56 data bytes
          ^C
          --- 192.168.5.254 ping statistics ---
          6 packets transmitted, 0 packets received, 100.0% packet loss
          
          

traceroute:

          
          [[2.4.2-RELEASE][root@pfSense.ttp.lan]/root: traceroute 192.168.5.254
          traceroute to 192.168.5.254 (192.168.5.254), 64 hops max, 40 byte packets
           1  10.0.8.252 (10.0.8.252)  2.953 ms  1.795 ms  2.336 ms
           2  * * *
           3  * *^C
          
          

I was wondering: 10.0.8.252 is the AP configured as client, so why does it show up in the traceroute? I have double checked that it has been configured correctly and the connection is working fine. I can ping and iperf in both directions fine (from 10.0.8.251 (pfSense box A) to/from 10.0.8.254 (pfSense box B)).

What did I miss?

tesna:
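Added example, not from this thread or from pfSense: a small Python model of the configuration in the post above (the "LAN address to any" rule from the first post is included as well). pfSense applies rules on the interface a packet enters, so trace() reports which rule each hop actually hits; the host addresses 192.168.5.10 and 10.0.2.20 are assumptions, and the model has no WAN.

```python
import ipaddress

# Constructed model of the two-box setup in this thread (added example, not pfSense
# code): rules apply on the interface a packet ENTERS, first match wins, default deny.
BOXES = {
    "A": {"ifaces": {"LAN": "192.168.5.254/24", "OPT1": "10.0.8.251/24"},
          "routes": {"10.0.2.0/24": "10.0.8.254"},
          "rules": {"LAN": [("LAN address", "any"), ("LAN net", "any"), ("10.0.2.0/24", "LAN net")],
                    "OPT1": [("any", "any")]}},
    "B": {"ifaces": {"LAN": "10.0.2.254/24", "OPT1": "10.0.8.254/24"},
          "routes": {"192.168.5.0/24": "10.0.8.251"},
          "rules": {"LAN": [("LAN net", "any"), ("192.168.5.0/24", "LAN net")],
                    "OPT1": [("any", "any")]}},
}

def resolve(box, spec):  # rule field 'any' | 'LAN net' | 'LAN address' | CIDR -> network
    name, _, kind = spec.partition(" ")
    if kind in ("net", "address"):
        ifc = ipaddress.ip_interface(BOXES[box]["ifaces"][name])
        return ifc.network if kind == "net" else ipaddress.ip_network(str(ifc.ip))
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def first_match(box, iface, src, dst):  # index of the first pass rule hit, else None
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (s, d) in enumerate(BOXES[box]["rules"][iface]):
        if src in resolve(box, s) and dst in resolve(box, d):
            return i

def attached(addr, exact=False):  # (box, iface) owning addr, or whose net contains it
    for box, cfg in BOXES.items():
        for name, ifc in cfg["ifaces"].items():
            ifc = ipaddress.ip_interface(ifc)
            if (ifc.ip == addr) if exact else (addr in ifc.network):
                return box, name

def trace(src, dst):
    """One packet's forward path: (status, [(box, entry iface, matched rule index)])."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hops, (box, iface) = [], attached(src)
    while True:
        rule = first_match(box, iface, src, dst)
        hops.append((box, iface, rule))
        if rule is None:
            return "denied", hops        # no pass rule on the entry interface
        if any(dst in ipaddress.ip_interface(i).network for i in BOXES[box]["ifaces"].values()):
            return "delivered", hops     # destination is directly connected to this box
        nh = [g for n, g in BOXES[box]["routes"].items() if dst in ipaddress.ip_network(n)]
        if not nh:
            return "no route", hops      # a missing static route would stop the packet here
        box, iface = attached(ipaddress.ip_address(nh[0]), exact=True)
```

trace("192.168.5.10", "10.0.2.20") hits "LAN net to any" on A's LAN and "any to any" on B's OPT1, and the reverse direction hits B's LAN and A's OPT1. The "LAN address to any" rule and the "10.0.2.0/24 to LAN net" rule on LAN are never reached, because traffic from the other site enters on OPT1, which is the point made in the reply above.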

So somehow I managed to get it working; all machines behind each respective pfSense box A and B can communicate with each other. I got it working by adding firewall rules on each LAN interface to allow traffic in both directions.

There were some minor issues (the latency went up to 10 ms when it should usually be 1 ms) but the speed is still at the link speed. All is normal, survives reboot, and everything is normal.

Until today, when I had to shut down one of the pfSense boxes for a few hours; when turning it back on I was back to square one (pfSense boxes A and B are still able to communicate, but not the client machines behind them). I checked the firewall rules and configuration; nothing changed. I am stumped now.

Can someone post what the correct configuration is to do this properly? What firewall rules are needed?

            Regards,

            Tesna

tesna:

OK, please disregard my previous messages.

              I disabled CDP in the wireless bridge links on both ends and now the traffic is flowing as intended.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.