Netgate Discussion Forum
    [solved] Routing Question (me=confused :)

      nerbas

      Strangely I have no WLAN<->LAN connectivity (ping) and am looking for help with my routing setup.

      
                   __________________            __________________________
      Internet -- |DSL Router       | ------- | re1     pfsense      re0 | ----------     LAN
                   |          .4.251 |         | .4.254            .1.254 |                .1.0/24 and 
                   |_________________|         |          re2             |                .2.0/24 via .1.200
                                               |________ .3.254 __________|
                                                            |
                                                      WLAN .3.0/24
      
      

      DNS Servers are .4.251 (obviously the DSL Router) and .1.2 (a Windows Server in the LAN)
      What Routes should I have to make this setup work? Currently the firewall is set to "Accept all", so that can't be a problem. I have the .4.251 as the default gateway - is this correct?

      
      # netstat -r
      Routing tables
      
      Internet:
      Destination        Gateway            Flags    Refs      Use  Netif Expire
      default            192.168.4.251      UGS         1      562    re1
      localhost          localhost          UH          0        0    lo0
      192.168.1.0        link#1             UCS         0        0    re0
      server1            00:08:54:41:21:6e  UHLW        1       11    re0   1205
      server5            00:30:48:8f:56:af  UHLW        1      626    re0   1139
      server9            da:16:3e:00:00:09  UHLW        1       10    re0   1084
      pc-12002           00:30:05:9a:2b:69  UHLW        1        0    re0   1134
      192.168.2.0        192.168.1.200      UGS         0        0    re0
      192.168.3.0        link#3             UC          0        0    re2
      192.168.4.0        link#2             UC          0       40    re1
      
      
      
      Interfaces:
      "WLAN" [static]                 re2     .4.254/24      Gateway .4.251
      "WAN"  [static]                 re1     .3.254/24      Gateway [blank]
      "LAN"  [bridge=none]            re0     .1.254/24
      
      Static Routes:
      Interface: LAN    Network 192.168.2.0/24     Gateway 192.168.1.200
      
      NAT:
      Port Forward:        [empty]
      1:1                  [empty]
      Outbound:            (x) Automatic outbound NAT rule generation
      
      

      Hmm - while writing this I suspect the NAT to be the problem… What do you think?

      Thanks for your replies,
      nerbas.

        wallabybob

        pfSense is a firewall. The developers don't know what traffic should be allowed between interfaces so take the "secure" option - don't allow it.

        Have you added a firewall rule on the WLAN interface (re2) to allow traffic between WLAN and LAN? (I'm not sure exactly what you mean by the firewall is set to "Accept all".)

        How do systems on the wireless LAN know to use .3.254 as the gateway?

        Does DNS work on the WLAN systems? (e.g. do you get different results from 'ping by IP address' and 'ping by hostname')

          nerbas

          Thanks for your reply, wallabybob!

          pfSense is a firewall. The developers don't know what traffic should be allowed between interfaces so take the "secure" option - don't allow it.

          :) I will, of course - as soon as the basic functionality works well. To be sure that the firewall options don't cause my described problems I simply set them to allow anything and everything.

          Have you added a firewall rule on the WLAN interface (re2) to allow traffic between WLAN and LAN? (I'm not sure exactly what you mean by the firewall is set to "Accept all".)

          There is one rule on every interface: Pass * * * * *

          How do systems on the wireless LAN know to use .3.254 as the gateway?

          Doesn't matter if they get it by DHCP or get configured by hand: my problem stays the same.

          Does DNS work on the WLAN systems? (e.g. do you get different results from 'ping by IP address' and 'ping by hostname')

          Does that matter? Even the 'ping by IP address' does not work!

            wallabybob

            @nerbas:

            Thanks for your reply, wallabybob!

            You're welcome.

            How do systems on the wireless LAN know to use .3.254 as the gateway?

            Doesn't matter if they get it by DHCP or get configured by hand: my problem stays the same.

            OK, systems should have appropriate default route.

            Does DNS work on the WLAN systems? (e.g. do you get different results from 'ping by IP address' and 'ping by hostname')

            Does that matter? Even the 'ping by IP address' does not work!

            If you had different results from 'ping by ip address' and 'ping by hostname' it would suggest a possible DNS issue.

            Let's get some more details:
            From WLAN, does ping to a system in the 1.x subnet get a response? How about to the 2.x subnet?
            From the 1.x subnet, does a ping to a 3.x system get a response?
            From the 2.x subnet, does a ping to a 3.x system get a response?

            You suggest you get the same result using 'ping by IP address' and 'ping by hostname' which suggests you have connectivity to your local DNS server .1.2 (else who supplies the translation from hostname to ip address for the 'ping by hostname' attempt?). Do you get a ping response from the local DNS server? If not, is it configured to ignore pings?

              nerbas

              From the 1.x subnet, does a ping to a 3.x system get a response?

              oooooh bugger :D Thank you! This was exactly the problem. I didn't have a default route back into the .3 subnet - stupid me. The pfsense box was configured ok, but on the .1 client there was a different default gateway which didn't know anything about the .3 subnet.

              Thanks again! Works now :)
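The cause found at the end of this thread, a LAN client whose default gateway has no route back to 192.168.3.0/24, can be reproduced with a small hop-by-hop routing model. This is an added example and not part of the original thread. The pfSense addresses and routes come from the first post; the client addresses 192.168.3.10 and 192.168.1.50 and the second LAN gateway 192.168.1.1 are constructed, and that gateway is assumed to have no default route.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: gateway IP, "direct" if on-link, None if no route."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes.items()
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, src, dst, max_hops=8):
    """Follow a packet hop by hop; returns (delivered, [addresses visited])."""
    owner = {addr: name for name, n in nodes.items() for addr in n["addrs"]}
    here, path = owner[src], [src]
    for _ in range(max_hops):
        hop = next_hop(nodes[here]["routes"], dst)
        if hop is None:
            return False, path            # current node has no route: dropped
        if hop == "direct":
            return True, path + [dst]     # destination is on-link
        path.append(hop)
        if hop not in owner:
            return False, path            # left the modelled network
        here = owner[hop]
    return False, path

def build(lan_client_gw):
    """Topology from the thread; client and other-gateway addresses are constructed."""
    return {
        "pfsense": {"addrs": ["192.168.1.254", "192.168.3.254", "192.168.4.254"],
                    "routes": {"192.168.1.0/24": "direct", "192.168.3.0/24": "direct",
                               "192.168.4.0/24": "direct",
                               "192.168.2.0/24": "192.168.1.200",
                               "0.0.0.0/0": "192.168.4.251"}},
        "wlan_pc": {"addrs": ["192.168.3.10"],
                    "routes": {"192.168.3.0/24": "direct", "0.0.0.0/0": "192.168.3.254"}},
        "lan_pc": {"addrs": ["192.168.1.50"],
                   "routes": {"192.168.1.0/24": "direct", "0.0.0.0/0": lan_client_gw}},
        # Hypothetical second gateway on the LAN that only knows its own subnet.
        "other_gw": {"addrs": ["192.168.1.1"],
                     "routes": {"192.168.1.0/24": "direct"}},
    }

def ping(nodes, a, b):
    """An echo needs both directions: request a->b and reply b->a."""
    return trace(nodes, a, b)[0] and trace(nodes, b, a)[0]
```

With `build("192.168.1.1")` the request reaches the LAN client but the reply stops at the other gateway; with `build("192.168.1.254")` both directions pass through pfSense and the ping succeeds.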