Multi LAN - Single Wan
-
im using 1.2.3-RELEASE
WAN 1 –- pfsense server(90.0.0.1) ------ LAN 1 (90.0.0.0/24)
this is my previous setup and no problem at all, been using it for 1 years already...now after upgrade our LAN and using lease line, the provider has set new subnet which is 90.0.1.0/24
WAN --- pfsense server(90.0.0.1) ------ LAN 1 (90.0.0.0/24)
------ LAN 2 (90.0.1.0/24)ive add on static routes
Interface Network Gateway
LAN 90.0.1.0/24 90.0.0.201the ip 90.0.0.201 is created by our vendor, the problem is, i cant set up the LAN to to access our internet (WAN1). Im not sure what im doing wrong here, issit because im using squid lusca cache? i already add access control > allowed subnet 90.0.0.0/24 and 90.0.1.0/24. Still i cant allow LAN2 access WAN1
-
You probably just need to switch to Manual Outbound NAT and then add a rule in to NAT the second LAN network to WAN (just copy the rule for the LAN subnet and adjust the subnet)
-
thanks for the reply…
after change it to manual NAT..there one entry has been created.
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 90.0.0.0/24 * * * * * NO Auto created rule for LANand ive add
WAN 90.0.0.0/24 * * * * * NO Auto created rule for LAN2
am i doing right things here?
btw, can this rules manage to get the LAN2 appear on ARP Table? ive manage to modify the ARP Tables to get my whole network MAC address to prevent some user might change their own IP address..
-
That second line (the one for LAN2) should have a subnet of 90.0.1.0/24.
And no, if 90.0.1.0/24 is only reachable by a router, then MAC addresses for that subnet will not show up in the ARP table.
-
opps..sorry..yep..its 90.0.1.0/24 :o my bad..
is there any way i can get their mac address? what about proxy/lusca_cache.. will LAN 2 get cached too?
-
You'd need to add that subnet into an ACL for squid, I don't use the lusca version so I can't say what that might entail.
No way to get their MAC unless everything was in one large subnet without an intermediate router.
-
what about static routes? do i need to apply that also?
here my current?Interface Network Gateway
LAN 90.0.1.0/24 90.0.0.201 -
Not sure what you're asking about applying them to. NAT? Squid? You don't need to do anything to them for static routes
-
my squid seems didnt capture anythin via lightsquid..
same goes for LAN2, still cant access anything on WAN (internet)not sure what i missed here..
-
SQUID seems didnt work for LAN2
-
Did you add the LAN2 subnet to squid's list of authorized networks/subnets?
-
Did you add the LAN2 subnet to squid's list of authorized networks/subnets?
yep..ive already add that into that…
90.0.1.0/24
still cant get LAN2 go through the net via LAN1 -> WAN -
updated with attached layout
-
Same Problem with me.
I'm using pfsense 1.2.3 release.
I have LAN(10.10.254.0/24) ,virbr2_ES(10.10.4.0/24), virbr0_SS(10.10.2.0/24),1 WAN(dhcp 192.168.2.0/24).
NAT rules:
WAN 10.10.254.0/24 * * * * * NO Auto created rule for LAN
WAN 10.10.4.0/24 * * * * * NO rule for virbr2_ES
WAN 10.10.2.0/24 * * * * * NO rule for virbr0_SSFirewall is friendly and blocks nothing.
DNS forwarder is active.Mysterius things happens:
from LAN:nslookup www.google.de
Server: 10.10.254.1
Address: 10.10.254.1#53** server can't find www.google.de: REFUSED
–-----and minutes later-------
nslookup www.google.de
Server: 192.168.2.100
Address: 192.168.2.100#53Non-authoritative answer:
www.google.de canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 74.125.79.104
Name: www.l.google.com
Address: 74.125.79.147
Name: www.l.google.com
Address: 74.125.79.99the same on all "LANs", sometimes it works and sometimes not ??
DNS is not the only Problem.
When it works I could resolve names but from the opt interfaces virbr2_ES and virbr0_SS
sometimes i can ping in the internet(www.heise.de) and sometimes not.Some Idears?
-
My Static Rules is
Interface : LAN
Destination network : 90.0.1.0/24
Gateway : 90.0.0.201yet still i cant manage to get my LAN2 connect to the internet.
here my manual outbound.
