Can'n not access to the Internet
-
Hi all,
I have diagram as picture.
I want config to all Subnets can access to the Internet, but from subnets just ping to 10.10.10.2 can't not access pass over Pfsense.
I'm trying config static route in Pfsense as below:
Interface Network Gateway
LAN 192.168.10.0/24 10.10.10.2
LAN 192.168.11.0/24 10.10.10.2
LAN 192.168.12.0/24 10.10.10.2
==> access cannot performafter that I try with VIP as below:
Virtual IP address Type
192.168.10.1/24 [Proxy ARP]
192.168.11.1/24 [Proxy ARP]
192.168.12.1/24 [Proxy ARP]
==> access cannot performPls help me fix this problem,
Any think pls ask me, I will answer to you.
Regards,
Johnnguyen -
pls see my picture at this link
http://img205.imageshack.us/my.php?image=askap8.jpg
-
Don't set up VIPs for that. Only add static routes. Your diagram shows that the gateway of your static routes should be 10.10.10.1 and not .2. Also make sure you have appropriate routes at the 2620 Router. You need to modify the default LAN to any rule as your LAN subnet at the pfSense is 10.10.10.0/24 and the clients come from 192.168.something. Also check the static routes option at system>advanced.
-
So, I must add static route as folow:
Interface Network Gateway
LAN 192.168.10.0/24 10.10.10.1
LAN 192.168.11.0/24 10.10.10.1
LAN 192.168.12.0/24 10.10.10.1and Firewall rules as folow at LAN as folow:
Proto Source Port Destination Port Gateway Description- 10.10.10.0/24 * * * *
- 10.10.10.0/24 * 192.168.10.0/24 * *
- 10.10.10.0/24 * !192.168.10.0/24 * *
- 10.10.10.0/24 * 192.168.11.0/24 * *
- 10.10.10.0/24 * !192.168.11.0/24 * *
- LAN net * * * *
After config, from pfsense I can ping to Subnets but from subnets ping to Internet is can not> Something is wrong? pls help me
regards, JN
-
Proto Source Port Destination Port Gateway Description
- 10.10.10.0/24 * * * *
- 10.10.10.0/24 * 192.168.10.0/24 * *
- 10.10.10.0/24 * !192.168.10.0/24 * *
- 10.10.10.0/24 * 192.168.11.0/24 * *
- 10.10.10.0/24 * !192.168.11.0/24 * *
- LAN net * * * *
I don't know what you try to do with these rules but they appear totally wrong to me. None of the rules allow access from 192.168.something at LAN. Add a rule that allows anything at LAN first:
Also check the static routes option at system>advanced as I told you. It should work then. If you need to narrow down Access from special subnets or clients add rules if needed after this basic setup is working.
-
Thanks Hoba,
I changed the rule at LAN to any and from Subnets I cant ping to 192.168.2.10, but I can't access to 192.168.2.1 and to the Internet.
I enable WAN rule any to any already but access can't perform, pls help me this problem.
Thanks, JN
-
Hi Hoba, sorry because my network cable was unplug, now subnets can access to the Internet.
I want ask you some questions?
1./ With my system, Can I perform traffic shapper for Subnet?
2./ If I setup the Balancer, to Subnets can access to the Internet, can I perform Advanced NAT and Rules for Subnet transfer over Balancer? and Can I perform traffic shapper on it.Thanks! JN
-
I added new line for WAN 2 ip address: 192.168.2.10 GW: 192.168.2.1
I added 2 WAN to Load Balancer and Load Balancer's status is Online.
I used this rules for WAN 1 and WAN 2:
Proto Source Port Destination Port Gateway Description
-
-
-
-
-
- WAN - Any
Proto Source Port Destination Port Gateway Description
- WAN - Any
-
-
-
-
-
-
-
-
-
- WAN2 - Any
-
-
-
-
and enable Advanced Outbound NAT as follow:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN any * * * * * NOWAN2 any * * * * * NO
After config: I unpluged WAN 1 and ping to test, but from Subnets I ping to Gateway WAN 2 but to the internet can not.
Pls help me, what is mistake.
Thanks, JN
-
-
Hi Hoba, sorry because my network cable was unplug, now subnets can access to the Internet.
I want ask you some questions?
1./ With my system, Can I perform traffic shapper for Subnet?
2./ If I setup the Balancer, to Subnets can access to the Internet, can I perform Advanced NAT and Rules for Subnet transfer over Balancer? and Can I perform traffic shapper on it.Thanks! JN
You only can shape between 2 interfaces. Before you added your 2nd WAN this would have been possible but with 3 interfaces it becomes a bit harder as the shaperwizard won't help you here and you have to create custom rules. More than 3 Interface shaping is really tricky and we don't support this atm.
I used this rules for WAN 1 and WAN 2:
Proto Source Port Destination Port Gateway Description
-
-
-
-
-
- WAN - Any
Proto Source Port Destination Port Gateway Description
- WAN - Any
-
-
-
-
-
-
-
-
-
- WAN2 - Any
-
-
-
-
These rules are at LAN I guess, however you didn't set the gateway to use the balancer (it's still default). Change the gateway in the rule to use the balancer.
-
-
Yes, I changed gateway for the rules as follow:
At LAN:
Proto Source Port Destination Port Gateway Description-
-
-
-
- Balancer Any –> Any
-
-
-
At WAN1:
Proto Source Port Destination Port Gateway Description-
-
-
-
- 192.168.1.1 WAN - Any
-
-
-
At WAN 2:
Proto Source Port Destination Port Gateway Description-
-
-
-
- 192.168.2.1 WAn 2 -> Any
-
-
-
From subnets I can tracert to Internet over Balancer, however has one problem when I unplug a WAN line ==> system runing is OK, but I restarting Pfsense the system down, cannot access to the Internet???? after that I plug the WAN line to Pfsense the System running is OK, I don't why?
I know the shape can not perform with 3 Interface, but can I perform with balancer interface?
-
-
You have to use one DNS from each of your wans and add a static route through the appropriate WAN to this dns server. Otherwise you'll lose dns resolution if you unplug the first wan. This is covered somewhere at the forum already. If you need more details search for it ;)
-
Oh, so I must config static route for any to DNS Server?
ex: I have DNS server is 200.200.200.200 ==> config is:
static routes to 200.200.200.200/32 with gateway 10.10.10.2is it right?
-
so that is one dns server for 1 gatway
where is the route to the other dns server on the gateway ? -
so, how many DNS servers will be static route to that servers? right?
-
Oh, so I must config static route for any to DNS Server?
ex: I have DNS server is 200.200.200.200 ==> config is:
static routes to 200.200.200.200/32 with gateway 10.10.10.2is it right?
Example:
DNS1 sits at WAN1
DNS2 sits at OPTWANYou don't need a Route to DNS1 as this is handled by the default route
But you need a static route on Interface OPTWAN to DNS2/32 through upstream gateway on OPTWAN.
-
Thanks Hoba
-
Hi Hoba, I want ask you:
Example: I have 3 lines for WAN
WAN 1: 192.168.1.10/24 GW: 192.168.1.1
WAN 2: 192.168.2.10/24 GW: 192.168.2.1
WAN 3: 192.168.3.10/24 GW: 192.168.3.1and subnets:
10.10.10.0/24
10.10.11.0/24
….
10.10.19.0/24Can I create 3 Balancer as follow?
Balancer 1: WAN 1 and WAN 2
Balancer 2: WAN 2 and WAN 3and I want setup 10.10.10.0/24 -> 10.10.15.0/24 traffic to balancer 1 and other subnets to Balancer 2, can I perform this task?
thanks, JN
-
Sure, just set up the two pools and use each one as gateway in the firewallrule at the desired interface.
-
so, for each subnet I just map it's gateway to balancer I want it traffic over?
thanks hoba
-
One again I want ask you, because in system advanced is enable "static route filter", I saw this warning "This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface",
I want ask, Can I make traffic shapping for subnets?