Netgate Discussion Forum

    Basic (hopefully) Routing Question

    Scheduled Pinned Locked Moved Routing and Multi WAN
    6 Posts 3 Posters 2.5k Views
      grichardson

      Hello Everyone,

      I'm trying to move from Smoothwall Corporate edition to pfSense. Unfortunately I'm running into a problem with some subnets that are connected by routers to the LAN network served by the pfSense LAN interface.

      Machines directly connected to the LAN network (workstations, routers, etc.) are able to talk to the OPT1 (DMZ for us) and out through the WAN areas. Subnets served by routers connected to the LAN network cannot talk to either OPT1 (DMZ) or WAN areas.

      I thought I had set up rules that allowed the traffic, but apparently I hadn't. Is there something obvious I need to check?

      Thanks!
      ![Network Drawing.jpg](/public/imported_attachments/1/Network Drawing.jpg)

        dubya

        Is it safe to assume that the 3 internal routers have WAN IPs in the 10.3.x.x range and their gateways are set for the pfSense box?

        In other words, more specifics on the IPs in use would be helpful.

        w

          GruensFroeschli

          I assume your routers behind the pfSense don't do any NAT.
          Did you create static routes for the subnets behind the routers pointing to their respective IPs on the 10.3 subnet?

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            grichardson

            @GruensFroeschli:

            > I assume your routers behind the pfSense don't do any NAT.
            > Did you create static routes for the subnets behind the routers pointing to their respective IPs on the 10.3 subnet?

            Yes and I'm able to ping machines in those subnets from the pfSense diagnostics.

              grichardson

              @dubya:

              > Is it safe to assume that the 3 internal routers have WAN IPs in the 10.3.x.x range and their gateways are set for the pfSense box?
              >
              > In other words, more specifics on the IPs in use would be helpful.
              >
              > w

              The 3 internal routers have LAN IPs in the 10.3.X.X range and do have the pfSense box as their gateway.

                dubya

                I've never used a router with no NAT  :-\ so I guess that makes me useless.

                So just looking at one subnet, 10.10.x.x: let's say the router's LAN is 10.10.0.1 and its WAN is 10.3.0.101.

                You have a static route for 10.10.x.x pointing to 10.3.0.101 and can ping a PC (say 10.10.1.50) from pfSense, so you know that basic routing is working.

                So then you would still need some firewall rules:

                Question though: do you need both of these for 10.10 pings to go out and back from the DMZ? Or is the second one only needed to ping from the DMZ?

                LAN Rule:  proto icmp from 10.10.0.0/16 to 192.168.1.0/24
                and
                DMZ Rule:  proto icmp from 192.168.1.0/24 to 10.10.0.0/16

                Sadly I spent a fair amount of time using ping for testing while my rules were set for TCP  :-[

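The two points raised in this thread (GruensFroeschli's static-route check and dubya's question about which of the two ICMP rules is actually needed) come down to how pfSense's packet filter decides a packet's fate. The following Python model is an added example written for this page, not code from the thread or from pfSense itself. It models the three rules of thumb a practitioner relies on here: a static route is only usable if its next hop sits on a directly connected network; firewall rules are evaluated on the interface where a packet enters the firewall, and the "LAN net" macro expands only to the subnet configured on LAN (10.3.0.0/16 here), so it never matches a source in a routed subnet behind an internal router; and filtering is stateful, so the reply to an allowed echo request passes on the state without a matching rule on the DMZ. The addressing (10.3.0.0/16 on LAN, 10.10.0.0/16 behind a router at 10.3.0.101, 192.168.1.0/24 as the DMZ) reuses dubya's numbers; the host addresses 10.10.1.50, 192.168.1.10 and 192.168.1.20 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

IPNet = ipaddress.ip_network
IPAddr = ipaddress.ip_address

# Constructed topology (numbers from dubya's post; the DMZ addressing is an assumption).
# INTERFACES holds the directly connected networks, i.e. what the "LAN net" / "DMZ net"
# macros expand to. STATIC_ROUTES holds the routed subnets behind the internal routers.
INTERFACES = {
    "LAN": IPNet("10.3.0.0/16"),
    "DMZ": IPNet("192.168.1.0/24"),
}
STATIC_ROUTES = {
    IPNet("10.10.0.0/16"): IPAddr("10.3.0.101"),   # subnet behind the router -> its 10.3 address
}


def connected_interface(addr):
    """Interface whose connected network contains addr, or None."""
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None


def route_lookup(addr):
    """Longest-prefix match over connected networks and static routes.
    Returns (interface, next_hop) with next_hop None for connected networks, or None.
    A static route whose next hop is not on a connected network is unusable and skipped;
    that is the condition GruensFroeschli's question is checking."""
    addr = IPAddr(addr)
    best = None   # (prefixlen, interface, next_hop)
    for name, net in INTERFACES.items():
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, name, None)
    for net, nexthop in STATIC_ROUTES.items():
        via = connected_interface(nexthop)
        if via is None:
            continue
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, via, nexthop)
    return None if best is None else (best[1], best[2])


@dataclass(frozen=True)
class Rule:
    iface: str                      # interface the packet ENTERS on; rules are evaluated there
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def rule(iface, proto, src, dst):
    return Rule(iface, proto, IPNet(src), IPNet(dst))


def pkt(proto, src, dst):
    return Packet(proto, IPAddr(src), IPAddr(dst))


@dataclass
class Firewall:
    """Default deny, first matching pass rule wins, and an allowed flow creates a state
    that lets the reply traffic through without consulting the rules again."""
    rules: list
    states: set = field(default_factory=set)   # (proto, src, dst) of allowed flows

    def filter(self, p):
        flow, reverse = (p.proto, p.src, p.dst), (p.proto, p.dst, p.src)
        if flow in self.states or reverse in self.states:
            return "pass", "matched existing state"
        route = route_lookup(p.src)             # which interface did this packet arrive on?
        if route is None:
            return "block", "no route back to source"
        ingress = route[0]
        for r in self.rules:
            if r.iface == ingress and r.proto == p.proto and p.src in r.src and p.dst in r.dst:
                self.states.add(flow)
                return "pass", f"rule on {ingress} matched and created state"
        return "block", f"no rule on {ingress} matches (default deny)"


def run_scenarios():
    """Replays the cases discussed in the thread; returns {case: decision}."""
    results = {}
    # 1. A "LAN net to any" rule: 10.10.1.50 is not in 10.3.0.0/16, so the routed subnet is blocked.
    fw = Firewall([rule("LAN", "icmp", "10.3.0.0/16", "0.0.0.0/0")])
    results["lan_net_rule_only"] = fw.filter(pkt("icmp", "10.10.1.50", "192.168.1.10"))[0]
    # 2. dubya's LAN rule alone: the echo request passes and the reply rides the state.
    fw = Firewall([rule("LAN", "icmp", "10.10.0.0/16", "192.168.1.0/24")])
    results["lan_rule_request"] = fw.filter(pkt("icmp", "10.10.1.50", "192.168.1.10"))[0]
    results["lan_rule_reply"] = fw.filter(pkt("icmp", "192.168.1.10", "10.10.1.50"))[0]
    # 3. A ping initiated from the DMZ is a new flow entering on DMZ; without a DMZ rule it is blocked.
    results["dmz_initiated_no_dmz_rule"] = fw.filter(pkt("icmp", "192.168.1.20", "10.10.1.50"))[0]
    # 4. dubya's DMZ rule is what that case needs.
    fw.rules.append(rule("DMZ", "icmp", "192.168.1.0/24", "10.10.0.0/16"))
    results["dmz_initiated_with_dmz_rule"] = fw.filter(pkt("icmp", "192.168.1.20", "10.10.1.50"))[0]
    return results


if __name__ == "__main__":
    print("route to 10.10.1.50:", route_lookup("10.10.1.50"))
    for case, decision in run_scenarios().items():
        print(f"{case}: {decision}")
```

Running it shows the answer to dubya's question: only the rule on the interface where the flow starts is needed, so the LAN rule covers pings from 10.10.x.x to the DMZ and back, and the DMZ rule is needed only for pings initiated from the DMZ. Case 1 is the usual reason a routed subnet behind a LAN router "can't get anywhere" on a box whose LAN rules all use "LAN net" as the source.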
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.