Ip alias and local network routing
-
Hi,
Thanks for this beautiful product. I use it with success in a simple architecture.
But I am trying to implement a more complex use and I have a problem.
The attached picture tries to explain the use.
My difficulty is: I have one network card on the local network with several subnetworks. These subnetworks use IP Alias on one physical network card.
All subnetworks can access the Internet, but not the other subnetworks.
This pfSense multi-WAN gateway must route traffic between these local subnetworks, but it doesn't work and I can't find what is wrong …
Can you help me, please?
Thanks a lot.
Philippe.
NB: Sorry for my bad English.
-
Oops, I think this question is not in the right place; the Routing section would have been better. Sorry.
-
What firewall rules do you have? What do you see in the firewall logs when you try to route between?
Is there some reason why you're not doing this with VLANs?
Steve
-
What firewall rules do you have? What do you see in the firewall logs when you try to route between?
Firewall rules:
* * * LAN Address 80 2222 * * Anti-Lockout Rule
IPv4 * 192.168.126.0/24 * * * * none Default allow LAN to any rule
IPv4 * 192.168.120.0/24 * * * * none Lan Mbe to Any
IPv4 * 192.168.121.0/24 * * * * none Lan Scola to Any
IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule
Firewall logs:
Jan 10 16:34:30 LAN 192.168.120.1:53957 192.168.126.101:80 TCP:RA
Jan 10 16:34:29 LAN 192.168.120.1:53954 192.168.126.101:80 TCP:A
Jan 10 16:34:29 LAN 192.168.120.1:53958 192.168.126.101:80 TCP:A
Is there some reason why you're not doing this with VLANs?
Because some hardware on the LAN doesn't manage VLANs (many switches, embedded electronics, …).
And I am not a real network administrator and my knowledge of VLANs is poor :-\
I made more tests: when I try to access a network share, sometimes it works slowly, sometimes it times out, sometimes it is OK.
Strange, and I don't understand what happens.
Thanks, Philippe.
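As an added example, not part of the original thread or of pfSense itself: a small Python parser for the log layout posted above that keeps only entries crossing two of the subnets named in the posted rules and records whether the TCP SYN flag was set. The regular expression assumes the column layout exactly as pasted in the post.

```python
import ipaddress
import re

# Subnets taken from the rules posted in the thread.
SUBNETS = [ipaddress.ip_network(n) for n in
           ("192.168.126.0/24", "192.168.120.0/24", "192.168.121.0/24")]

# Log lines copied from the post above (layout assumed from the paste).
SAMPLE = """\
Jan 10 16:34:30 LAN 192.168.120.1:53957 192.168.126.101:80 TCP:RA
Jan 10 16:34:29 LAN 192.168.120.1:53954 192.168.126.101:80 TCP:A
Jan 10 16:34:29 LAN 192.168.120.1:53958 192.168.126.101:80 TCP:A
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)(?::(?P<flags>\w+))?$")


def subnet_of(addr):
    """Return the configured subnet containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((n for n in SUBNETS if ip in n), None)


def classify(text):
    """Parse log text; return one dict per entry that crosses two subnets."""
    out = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines in another layout
        src_net, dst_net = subnet_of(m["src"]), subnet_of(m["dst"])
        if src_net is None or dst_net is None or src_net == dst_net:
            continue  # not traffic between two of the local subnets
        flags = m["flags"] or ""
        out.append({
            "iface": m["iface"],
            "src_net": str(src_net),
            "dst_net": str(dst_net),
            "flags": flags,
            # True only when the logged TCP packet carried the SYN flag.
            "has_syn": m["proto"] == "TCP" and "S" in flags,
        })
    return out


if __name__ == "__main__":
    for entry in classify(SAMPLE):
        print(entry)
```

On the three posted lines, every entry goes from 192.168.120.0/24 to 192.168.126.0/24 on the LAN interface and none carries SYN.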
-
Hmm, you should really be using VLANs for this. Is your switch VLAN capable?
Why do you have separate internal subnets? How are they separated?
Steve
-
Hmm, you should really be using VLANs for this. Is your switch VLAN capable?
Not all, 2 of 6 are level 1 manageable switches.
Why do you have separate internal subnets? How are they separated?
Steve
Some historical reasons.
2 companies who share some servers (one AD, one Exchange, …) and an IPBX.
They are on the same physical network. The only isolation is made by subnetworks and AD rights.
On some subnetworks (the 2 subnets where the PCs of the 2 companies are) there is no routing/forwarding.
I agree it is not the best solution.
One question: on pfSense, I only have 3 network cards, 2 for WAN and one for LAN.
If I use VLANs, can I put the LAN in multiple VLANs?
Thanks for your help.
Philippe.
-
If I use VLANs, can I put the LAN in multiple VLANs?
You must have a VLAN switch. Then yes, no problem. The cable to pfSense becomes a VLAN tagged port with multiple VLANs. Then you configure the VLAN switch to connect the devices (or other ordinary switches) to the VLANs needed.
-
Yep, like Phil said, you need one VLAN capable switch to use VLANs. That does assume that your three subnets are physically separated logically, you don't have members of every subnet on every switch?
Machines separated by being on a different subnet but part of the same physical network segment is no security at all.
Steve
-
Thanks a lot.
I can't use VLANs because one subnet is for telephony and all switches have at least 2 subnets on them.
Temporarily we put all the subnets in the same network, and in the future we are going to change the switches for VLAN-capable ones.