Netgate Discussion Forum

    LAN to LAN Setup - I think I'm missing something.

    Routing and Multi WAN
      projectzme

      Network

      192.168.20.0 <----> pfSense LAN 192.168.20.212/24 |------| 192.168.70.254/24 pfSense WAN <----> 192.168.70.0

      On the 20 network I also have a router sitting on 192.168.20.254; this has a rule in it telling anything on the 20 network which tries to go to the 70 network that it should do so via 192.168.20.212.

      The 20 network is our main LAN with 100 servers and users on it.
      The 70 network is about 40 developers with their own servers etc.

      I can ping across from 20 to 70
      I can ping across from 70 to 20

      If I run a traceroute from the 20 LAN to a 70 LAN IP address I get:

      Hop 1 = 192.168.20.254
      Hop 2 = 192.168.20.212
      Hop 3 = 192.168.70.20
      Success

      If I run a traceroute from the 70 LAN onto the 20 LAN I get:

      Hop 1 = 192.168.70.254
      Hop 2 = 192.168.20.1
      Success

      I can connect to a Windows server on the 70 LAN fine from the 20 LAN using UNC.

      Locally on the 70 LAN all works well: intranet pages open, UNC Windows paths open.
      However, from the 70 LAN I cannot open up an intranet page or connect to a server on the 20 LAN.

      I have a single firewall rule on WAN and on LAN, which are both set to PASS ANY FROM ANY TO ANY.
      I set the NAT to Manual in the Outbound tab.
      I've got no default routes, no static routes, no gateways set up.

      To start with I'd like to be able to connect from the 70 network to the 20 network as well...
      Once I have complete connectivity, then I'll firewall it up.

      Where am I going wrong? I'm losing sleep and hair over this. It's something stupid, and I need another set of eyes.

      There is no need for anything on the 70 LAN to go over the router at 192.168.20.254 and get out to the internet; this is a 2 LAN system, which, when I have it working, will use firewall rules to lock down.

      Can anyone please help me with this? It's late on a Sunday.

        mibovrd

        If you are NAT'ing out to your developer network, then you would have to have a static NAT for every service or for every server to get into the server network from the developer network.
        So add a static and test it. Then add all the other statics, or don't NAT, just route. If you remove NAT'ing, then everything should work.
        Have the developers got a gateway? If so, and it isn't this box, then you would need a route on the gateway for the server network.
        Make sure that Block Private Networks is not checked for the WAN interface.

        Don't the developers have Internet access?

        Tweet: MIBovrd@cqrite http://www.cqrite.com

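The two options in the reply above (a static NAT entry per service versus no NAT and plain routing), plus the Block Private Networks check, as an added simplified model written for this thread; it is not pf or pfSense code, and the server address 192.168.20.10 and port 445 are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Addresses from the thread: pfSense LAN 192.168.20.212, WAN 192.168.70.254.
LAN_NET = ip_network("192.168.20.0/24")
WAN_ADDR = ip_address("192.168.70.254")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Firewall:
    """Simplified model of the reply's two options (assumption: not pf itself)."""
    outbound_nat: bool            # manual outbound NAT on WAN (the OP's setting)
    block_private_on_wan: bool    # "Block private networks" on the WAN interface
    # static NAT / port forwards: WAN port -> (server on the 20 network, port)
    port_forwards: dict = field(default_factory=dict)

    def lan_to_wan(self, src: str) -> str:
        """Source address the 70 network sees for a connection from the 20 network."""
        return str(WAN_ADDR) if self.outbound_nat else src

    def wan_to_lan(self, src: str, dst: str, dport: int) -> str:
        """Verdict for an unsolicited packet arriving on WAN from the 70 network."""
        # Block Private Networks drops RFC1918 sources before any pass-any rule is seen.
        if self.block_private_on_wan and any(ip_address(src) in n for n in RFC1918):
            return "drop: block private networks on WAN"
        if self.outbound_nat:
            # servers sit behind WAN_ADDR; only a static NAT entry lets a service in
            target = self.port_forwards.get(dport)
            if ip_address(dst) != WAN_ADDR or target is None:
                return f"drop: no static NAT for {dst}:{dport}"
            return f"forward to {target[0]}:{target[1]}"
        # no NAT: just route; the pass-any rule lets it through to the 20 network
        if ip_address(dst) in LAN_NET:
            return f"forward to {dst}:{dport}"
        return f"drop: {dst} is not on the LAN"


if __name__ == "__main__":
    nat = Firewall(outbound_nat=True, block_private_on_wan=False)
    print(nat.wan_to_lan("192.168.70.20", "192.168.70.254", 445))    # dropped
    nat.port_forwards[445] = ("192.168.20.10", 445)                   # add one static
    print(nat.wan_to_lan("192.168.70.20", "192.168.70.254", 445))    # forwarded
    routed = Firewall(outbound_nat=False, block_private_on_wan=False)
    print(routed.wan_to_lan("192.168.70.20", "192.168.20.10", 445))  # forwarded
```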
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.