Routing Question - Newbie tyep…

fraggle

I have 3 NICs, Wan, Lan & OPT1.

I want to be able to route traffic between LAN and OPT1 and have internet access from both OPT1 and LAN

Lan 10.1.0.0/16
OPT1 10.2.0.0/16
WAN DHCP

Have created the firewall rules on both LAN & OPT to allow any from any.

It doesn't work….

From LAN can ping 10.2.0.1 and get a reply, but if I ping 10.2.0.254 nothing (but if on the 10.2.0.0 network can ping OK, so computers are OK and not being blocked by a software firewall)
From OPT can ping 10.1.0.1 and get a reply but if I ping 10.2.0.1 I don't.
I have internet access from LAN but not from OPT1, but both subnets are doing DHCP OK

What am I doing thats stupid?????

ptt

Post a screenshot of your FW Rules ( LAN & OPT1 Tabs ) & NAT - Outbound also of yor DHCP server setting for LAN & OPT1

fraggle

Thanks for the reply.

LAN_Rule.jpg_thumb

Opt1_Rules.jpg_thumb
Nat#.jpg
Nat#.jpg_thumb
![DHCP Lan.jpg](/public/imported_attachments/1/DHCP Lan.jpg)
![DHCP Lan.jpg_thumb](/public/imported_attachments/1/DHCP Lan.jpg_thumb)
![DHCP OPT1.jpg](/public/imported_attachments/1/DHCP OPT1.jpg)
![DHCP OPT1.jpg_thumb](/public/imported_attachments/1/DHCP OPT1.jpg_thumb)

ptt

Setup the DNS & GW in your DHCP server ( LAN & OPT1 )
Use manual Outbound NAT, and set NAT for:

LAN to WAN

OPT1 to WAN

OPT1 to LAN

LAN to OPT1

Create FW Rules for Allow or Block Traffic for each interface

fraggle

Many, many thanks for the reply!

Can you just explain this pls?

I don't want to do nat between OPT1 and LAN, I simply want to route the packets….

The DHCP stuff was OK by default LAN & OPT1 could both use WAN.

podilarius

You don't have to NAT LAN to OPT as pfSense should route that so long as a rule exists to allow traffic. Are you OPT1 Subnet computers getting an IP address and is the DNS and Gateway the same as the OPT1 interface id? You will also need to create a rule on LAN to allow OPT1 subnet traffic.

fraggle

isn't that what I've done with the rules?

podilarius

Yes, but what have you done on the outbound NAT side?

dhatz

As suggested, manual NAT shouldn't be needed in your case, since pfsense should be routing between LAN and OPT1.

Does the firewall log (Status -> System Logs -> Firewall) show any blocked traffic?

PS: Your DHCP server settings are somewhat odd, since you defined two whole /16 (64K addresses) nets yet only assign IPs from a 100 IP addr block within them, but it shouldn't hurt…

fraggle

Yes, DHCP settings are odd, but DHCP is only on for testing purposes. This setup is going to route traffic between two phone systems whose consoles need to talk to each other.

ahhh… confession time, I've been a knob, but you chaps have pointed me in the right direction & I'm eternally grateful, it seems to be working now.