Netgate Discussion Forum

    Need help getting physical networks talking to each other.

    Category: NAT
    9 Posts 3 Posters 1.5k Views
    psulions5

      I tried posting this issue on Reddit, and I was unable to get it to work. What I need is the ability to have my 192.168.0.0/24 network talk to 10.20.0.0/16 and 10.30.0.0/16 for file sharing.

      10.20 and 10.30 each go through a VPN gateway, and do not have access to my WAN gateway (if that makes a difference). I have tried all types of rules in the firewall and NAT to get these networks to see each other, but haven't been successful. Is there an easy way to do this that I might just be overlooking?

      Thanks in advance :)

      johnpoz (LAYER 8 Global Moderator)

        "10.20 and 10.30 each go through a VPN gateway, and do not have access to my WAN gateway (if that makes a difference). "

        That doesn't make any sense to be honest.

        Draw up your network.. Use of 10.20/16 and 10.30/16 seems a bad idea if you ask me… You really have need of some 65K IPs???

        So are these networks connected to yours via a site to site vpn?? Or are they just local networks you're forcing out some vpn gateway in pfsense?

        Please draw up your network and post your interface firewall rules..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        psulions5

          I just used 10.20 and 10.30 because it was easier for me to remember (since we use similar at work). 10.20 is used for Sonarr etc, 10.30 is used for browsing etc, and the 192 is used for DHCP that uses my ISP as the gateway.

          Essentially anything on the 10.20 and 10.30 can't fail to my ISP gateway to reach the internet - they can only use the Private Internet Access gateway. Here are some screenshots:

          Maybe not best practice but it's working for me. Just need them to talk :)

          johnpoz (LAYER 8 Global Moderator)

            Well you need to put a rule above your rule that forces traffic out a vpn connection if you want them to talk to each other..

            So above the rule that is any any going out the piastrong gateway.. Put a rule that allows clients on that network/vlan to go where you want them to go..

            Rules are evaluated top down, first rule to fire wins, no other rules are evaluated.

            Ok if you want to use 10.20.0 that is fine, why not just use a mask that makes more sense like 24.. So you're still on the 10.20.0 network…. Or the 10.30.0 network, but you look like you don't have a clue how subnetting works ;)

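The ordering point above ("first rule to fire wins") is what decides whether a packet ever sees the routing table. The following is an added example, not code from the thread or from pfSense: a small Python model of first-match interface rules with policy routing. The local-network alias, the host addresses and the gateway name PIASTRONG (after the "piastrong" gateway mentioned in the thread) are constructed assumptions. It shows that with only the any/any VPN rule, traffic to the other LANs is policy-routed to the VPN gateway and never reaches them; with an allow-to-local-nets rule (no gateway set) placed above it, local destinations use the routing table while internet traffic still falls through to the VPN rule, so there is no failover to the ISP gateway. The same model explains why a LAN whose only rule forces traffic out WAN cannot reach other local networks.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for the three networks in the thread, used the way a
# pfSense alias would be in the "allow to local networks" rule.
LOCAL_NETS = ["192.168.0.0/24", "10.20.0.0/16", "10.30.0.0/16"]


@dataclass
class Rule:
    """One pass rule on an interface tab. gateway=None means 'default',
    i.e. let the routing table decide (no policy routing)."""
    name: str
    src: str                       # CIDR or "any"
    dst: List[str]                 # list of CIDRs (an alias) or ["any"]
    gateway: Optional[str] = None  # policy-routing gateway, e.g. "PIASTRONG"


def _in(cidrs: List[str], addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(c == "any" or ip in ipaddress.ip_network(c, strict=False) for c in cidrs)


def first_match(rules: List[Rule], src: str, dst: str) -> Optional[Rule]:
    """Interface rules are evaluated top down; the first matching rule wins
    and nothing below it is looked at. No match means the default deny."""
    for r in rules:
        if _in([r.src], src) and _in(r.dst, dst):
            return r
    return None


def route(rules: List[Rule], src: str, dst: str) -> Tuple[str, str]:
    """Return (name of the winning rule, where the packet goes)."""
    r = first_match(rules, src, dst)
    if r is None:
        return ("<default deny>", "blocked")
    if r.gateway is not None:
        # Policy routing: the gateway on the rule overrides the routing table,
        # even when the destination is a directly connected local network.
        return (r.name, f"policy-routed to {r.gateway}")
    for net in LOCAL_NETS:
        if ipaddress.ip_address(dst) in ipaddress.ip_network(net):
            return (r.name, f"routing table: direct to {net}")
    return (r.name, "routing table: default route (WAN)")


# Rule set as described in the thread: a single any/any rule on the 10.20
# interface forcing everything out the VPN gateway (constructed example).
VPN_ONLY = [
    Rule("force VPN", "10.20.0.0/16", ["any"], gateway="PIASTRONG"),
]

# The suggested fix: an allow rule to the local networks with NO gateway,
# placed above the VPN rule.
LOCAL_FIRST = [
    Rule("allow to local nets", "10.20.0.0/16", LOCAL_NETS),
    Rule("force VPN", "10.20.0.0/16", ["any"], gateway="PIASTRONG"),
]

if __name__ == "__main__":
    for rules, label in ((VPN_ONLY, "VPN rule only"), (LOCAL_FIRST, "local rule above VPN rule")):
        print(label)
        for dst in ("192.168.0.10", "10.30.0.7", "8.8.8.8"):
            print("  10.20.0.5 ->", dst, route(rules, "10.20.0.5", dst))
```

Reversing the two rules in LOCAL_FIRST reproduces the original failure, since the any/any VPN rule then matches first for every destination; that is the whole reason the local rule has to sit above it.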
            psulions5

              @johnpoz:

                Well you need to put a rule above your rule that forces traffic out a vpn connection if you want them to talk to each other..

                So above the rule that is any any going out the piastrong gateway.. Put a rule that allows clients on that network/vlan to go where you want them to go..

                Rules are evaluated top down, first rule to fire wins, no other rules are evaluated.

                Ok if you want to use 10.20.0 that is fine, why not just use a mask that makes more sense like 24.. So you're still on the 10.20.0 network…. Or the 10.30.0 network, but you look like you don't have a clue how subnetting works ;)

              haha, I will change it to /24 :p

              Will adding a rule above the VPN gateway rule allow those clients to fail over to my ISP gateway though? Or just allow them to talk to the network, and not the internet.

              Thanks :)

              psulions5

                Seems to be working on the 1020 and 1030 LAN, but if I add the same rule to the 192 DHCP LAN, that network can't access the internet. Maybe I need to do it differently there?

                psulions5

                  I really should have resized those screenshots lol… oops.

                  johnpoz (LAYER 8 Global Moderator)

                    No, it's not done any differently.. But again on your lan you're FORCING it out your wan.. so how would it talk to any other local networks.

                    isolatedvirus

                      here you go homie. I happen to use PIA so use this as an example.

                      Local 2 would be my neighbor's subnet, so you can ignore that.

                      https://snag.gy/cGyrFU.jpg

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.