Netgate Discussion Forum

    Routing between local subnets (on one interface each)

    • Merkel

      Hi.

      Here is my Configuration for now:

      I am using the "pfSense-1.2.2-Embedded.img" on "alix.2d3" hardware.

      configured Interfaces:

      LAN [vr0] as 192.168.0.1 client Network
      WAN [vr1] as 192.168.178.3 static I-Net Connection over another Router(192.168.178.1)
      OPT1[vr2] as 192.168.242.1 client Network

      FW-Rules:

      For LAN: Pass # ANY Protocol # LAN -> ANY
      For WAN: Standard(Block private networks, Block bogon networks)
      For OPT1: Pass # ANY Protocol # OPT1 -> ANY

      The problem is that there is no routing between the two subnets,
      so no ping or any traffic between them, either from "LAN -> OPT1" or "OPT1 -> LAN".

      Must I activate routing between the two subnets manually via the console?
      Is there a FreeBSD gateway_enable="YES" switch?

      Can anybody please help?

      • ITCoresys

        From your configuration, it looks as if you have another device functioning as the NAT/PAT Translator/Stateful inspection/firewall function (your WAN interface is numbered in private address space), so perhaps you need to turn off the firewall feature in pfSense in the advanced section to make it a straight router?

        It's in the "Traffic Shaper and Firewall Advanced" section of the Advanced page, labeled "Disable all packet filtering".

        Also, blocking private networks and bogons on your WAN will prevent any 192.168.x traffic from the upstream router since 192.168.x traffic is defined as private.

        As for routing between LANs in firewall mode, I'm not sure pfSense was designed for that. Cisco, Sonicwall, and other commercial firewall vendors generally don't recommend routing with your firewall appliance. Layer 3 switches, router appliances, or Windows/Linux/BSD boxes with Quagga or other routing software are usually best.

        Windows Server with RRAS enabled actually isn't too bad a router, since Microsoft's routing engine in their server has been based on licensed Bay Networks code from back in the 2000 days.

        • Merkel

          Problem solved!
          The problem was me, not pfSense,
          but thank you anyway for your reply, ITCoresys.

          I didn't know or remember that Windows ICMP ping (reply) is deactivated by default on current Windows machines. So there is not even a "Linux, Unix, … ping" if you have activated Windows shares on machines A and B and of course opened the corresponding ports in the FW.

          So there is a "Windows ping" which only works between Windows machines in the same subnet. The "ICMP ping reply" must be manually activated on the Windows machines from which you want to get an answer (for Windows XP and higher, I think).

          Maybe if you have a WINS server in both subnets which are integrated as DNS servers, the ICMP ping (by IP!) may work. I didn't test it, but Windows shares over a router only work when you have such servers in your subnets, I think, judging by my test. Even connecting to a Windows share by IP (\\%IPAddress%) over the router didn't work! I don't know why, and there are opinions that this should work! Maybe someone can give me some information on that - so for now I think I must have a Windows server (which is solving "some" requests?) in both subnets to use any type of Windows share over a router.

          I've tested it with Windows 7 32 (Final) as A and Vista 64 as B, and as I am using a Win-Server (as DNS entry only for my clients that are not in the domain) in both subnets, there were no problems anymore - What a s***!

          Maybe it is also helpful to mention that of course I've used IPv4 only.

          Hopefully this will help someone else with such half-knowledge like me.

          Thanks to pfSense for such a great product!

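Added example, not part of the thread: since the last post found that a failed ping did not mean routing was broken, a TCP connect is a better test of the routed path, because an accepted or refused connection proves the packet crossed the router and the host answered. The target address 192.168.242.10, the port list and the function names are assumptions made for this sketch.

```python
import errno
import socket

# Ports a Windows host commonly exposes for file sharing (assumed list).
SMB_PORTS = (445, 139)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP connect: 'open', 'refused', 'filtered' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                 # SYN/ACK came back from the host
    except ConnectionRefusedError:
        return "refused"              # RST came back: host reachable, port closed
    except socket.timeout:
        return "filtered"             # silence: dropped by a firewall, or host down
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"      # no route to the destination
        raise
    finally:
        sock.close()


def routing_verdict(results):
    """Turn per-port results into a statement about the routed path."""
    states = set(results.values())
    if states & {"open", "refused"}:
        return "routed"               # the host answered through the router
    if "unreachable" in states:
        return "no-route"
    return "inconclusive"             # only timeouts: check router and host firewalls


def check_host(host, ports=SMB_PORTS, timeout=2.0):
    """Probe every port and return (per-port results, overall verdict)."""
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    return results, routing_verdict(results)


if __name__ == "__main__":
    # 192.168.242.10 is a constructed OPT1 host address, probed from the LAN side.
    print(check_host("192.168.242.10"))
```

A "routed" verdict together with a failing ping points at the destination host's own firewall rather than at pfSense. A reject rule on the router can also answer with a reset, so read the result alongside the interface rules listed in the first post.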
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.