[solved] Routing Question (me=confused :)
-
Strangely I have no WLAN<->LAN connectivity (ping) and am looking for help with my routing setup.
              _________________          __________________________
Internet ---- | DSL Router    | -------- | re1     pfsense     re0 | ---------- LAN
              |        .4.251 |          | .4.254           .1.254 |            .1.0/24 and
              |_______________|          |           re2           |            .2.0/24 via .1.200
                                         |________ .3.254 _________|
                                                      |
                                                    WLAN
                                                   .3.0/24
DNS Servers are .4.251 (obviously the DSL Router) and .1.2 (a Windows Server in the LAN)
What Routes should I have to make this setup work? Currently the firewall is set to "Accept all", so that can't be a problem. I have the .4.251 as the default gateway - is this correct?

# netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.4.251      UGS         1      562    re1
localhost          localhost          UH          0        0    lo0
192.168.1.0        link#1             UCS         0        0    re0
server1            00:08:54:41:21:6e  UHLW        1       11    re0   1205
server5            00:30:48:8f:56:af  UHLW        1      626    re0   1139
server9            da:16:3e:00:00:09  UHLW        1       10    re0   1084
pc-12002           00:30:05:9a:2b:69  UHLW        1        0    re0   1134
192.168.2.0        192.168.1.200      UGS         0        0    re0
192.168.3.0        link#3             UC          0        0    re2
192.168.4.0        link#2             UC          0       40    re1
Interfaces:
"WLAN" [static] re2 .4.254/24 Gateway .4.251
"WAN" [static] re1 .3.254/24 Gateway [blank]
"LAN" [bridge=none] re0 .1.254/24

Static Routes:
Interface: LAN  Network 192.168.2.0/24  Gateway 192.168.1.200

NAT:
Port Forward: [empty]
1:1 [empty]
Outbound: (x) Automatic outbound NAT rule generation
Hmm - while writing this I suspect the NAT to be the problem… What do you think?
Thanks for your replies,
nerbas. -
pfSense is a firewall. The developers don't know what traffic should be allowed between interfaces so take the "secure" option - don't allow it.
Have you added a firewall rule on the WLAN interface (re2) to allow traffic between WLAN and LAN? (I'm not sure exactly what you mean by the firewall is set to "Accept all".)
How do systems on the wireless LAN know to use .3.254 as the gateway?
Does DNS work on the WLAN systems? (e.g. do you get different results from 'ping by IP address' and 'ping by hostname')
-
Thanks for your reply, wallabybob!
pfSense is a firewall. The developers don't know what traffic should be allowed between interfaces so take the "secure" option - don't allow it.
:) I will, of course - as soon as the basic functionality works well. To be sure that the firewall options don't cause my described problems I simply set them to allow anything and everything.
Have you added a firewall rule on the WLAN interface (re2) to allow traffic between WLAN and LAN? (I'm not sure exactly what you mean by the firewall is set to "Accept all".)
There is one rule on every interface: Pass * * * * *
How do systems on the wireless LAN know to use .3.254 as the gateway?
Doesn't matter if they get it by DHCP or get configured by hand: my problem stays the same.
Does DNS work on the WLAN systems? (e.g. do you get different results from 'ping by IP address' and 'ping by hostname')
Does that matter? Even the 'ping by IP address' does not work!
-
Thanks for your reply, wallabybob!
You're welcome.
How do systems on the wireless LAN know to use .3.254 as the gateway?
Doesn't matter if they get it by DHCP or get configured by hand: my problem stays the same.
OK, systems should have an appropriate default route.
Does DNS work on the WLAN systems? (e.g. do you get different results from 'ping by IP address' and 'ping by hostname')
Does that matter? Even the 'ping by IP address' does not work!
If you had different results from 'ping by ip address' and 'ping by hostname' it would suggest a possible DNS issue.
Let's get some more details:
From WLAN, does ping to a system in the 1.x subnet get a response? How about to the 2.x subnet?
From the 1.x subnet, does a ping to a 3.x system get a response?
From the 2.x subnet, does a ping to a 3.x system get a response?

You suggest you get the same result using 'ping by IP address' and 'ping by hostname', which suggests you have connectivity to your local DNS server .1.2 (else who supplies the translation from hostname to IP address for the 'ping by hostname' attempt?). Do you get a ping response from the local DNS server? If not, is it configured to ignore pings?
-
From the 1.x subnet, does a ping to a 3.x system get a response?
oooooh bugger :D Thank you! This was exactly the problem. I didn't have a default route back into the .3 subnet - stupid me. The pfsense box was configured ok, but on the .1 client there was a different default gateway which didn't know anything about the .3 subnet.
Thanks again! Works now :)
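The failure found in this thread, as an added example that is not part of the original posts: a small model that traces the echo request and the echo reply hop by hop with longest-prefix matching, showing that the request arrives while the reply dies at a gateway with no route to 192.168.3.0/24. The pfSense table is taken from the netstat output above; the node names, the host addresses 192.168.3.10 and 192.168.1.10, and the "other" gateway 192.168.1.1 are assumptions made for the illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match. Returns (network, gateway) or None; gateway None = on-link."""
    dst, best = ipaddress.ip_address(dst), None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best

def trace(routes, owners, node, dst, max_hops=8):
    """Follow each node's routing table; return (path, delivered)."""
    path = [node]
    for _ in range(max_hops):
        if owners.get(dst) == node:
            return path, True
        match = next_hop(routes[node], dst)
        if match is None:
            return path, False              # no route here: packet is dropped
        node = owners.get(match[1] or dst)  # on-link routes hand over to dst itself
        if node is None:
            return path, False              # next hop is outside the model
        path.append(node)
    return path, False

def topology(lan_default_gw):
    routes = {
        "pfsense": [("0.0.0.0/0", "192.168.4.251"), ("192.168.1.0/24", None),
                    ("192.168.2.0/24", "192.168.1.200"), ("192.168.3.0/24", None),
                    ("192.168.4.0/24", None)],            # from netstat -r above
        "wlan-pc": [("192.168.3.0/24", None), ("0.0.0.0/0", "192.168.3.254")],
        "lan-pc": [("192.168.1.0/24", None), ("0.0.0.0/0", lan_default_gw)],
        "other-gw": [("192.168.1.0/24", None)],           # assumed: no route to .3
    }
    owners = {"192.168.1.254": "pfsense", "192.168.3.254": "pfsense",
              "192.168.3.10": "wlan-pc", "192.168.1.10": "lan-pc",
              "192.168.1.1": "other-gw"}                  # constructed addresses
    return routes, owners

def ping(lan_default_gw):
    """Return ((request_path, ok), (reply_path, ok)) for WLAN -> LAN and back."""
    routes, owners = topology(lan_default_gw)
    return (trace(routes, owners, "wlan-pc", "192.168.1.10"),
            trace(routes, owners, "lan-pc", "192.168.3.10"))

if __name__ == "__main__":
    for gw in ("192.168.1.1", "192.168.1.254"):
        request, reply = ping(gw)
        print(f"LAN default gw {gw}: request {request}, reply {reply}")
```

When a ping fails with firewall rules already open, run the trace in both directions: a one-way check from the WLAN side would have reported the path as fine.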