Need help getting physical networks talking to each other.
-
I tried posting this issue on Reddit, and I was unable to get it to work. What I need is the ability to have my 192.168.0.0/24 network talk to 10.20.0.0/16 and 10.30.0.0/16 for file sharing.
10.20 and 10.30 each go through a VPN gateway, and do not have access to my WAN gateway (if that makes a difference). I have tried all types of rules in the firewall and NAT to get these networks to see each other, but haven't been successful. Is there an easy way to do this that I might just be overlooking?
Thanks in advance :)
-
"10.20 and 10.30 each go through a VPN gateway, and do not have access to my WAN gateway (if that makes a difference). "
That doesn't make any sense to be honest.
Draw up your network.. Use of 10.20/16 and 10.30/16 seems a bad idea if you ask me… You really have need of some 65K IPs???
So are these networks connected to yours via a site to site vpn?? Or are they just local networks you're forcing out some vpn gateway in pfsense?
Please draw up your network and post your interface firewall rules..
-
I just used 10.20 and 10.30 because it was easier for me to remember (since we use similar at work). 10.20 is used for Sonarr etc, 10.30 is used for browsing etc, and the 192 is used for DHCP that uses my ISP as the gateway.
Essentially anything on the 10.20 and 10.30 can't fail to my ISP gateway to reach the internet - they can only use the Private Internet Access gateway. Here are some screenshots:
Maybe not best practice but it's working for me. Just need them to talk :)
-
Well you need to put a rule above your rule that forces traffic out a vpn connection if you want them to talk to each other..
So above the rule that is any any going out the piastrong gateway.. Put a rule that allows clients on that network/vlan to go where you want them to go..
Rules are evaluated top down, first rule to fire wins, no other rules are evaluated.
Ok if you want to use 10.20.0 that is fine, why not just use a mask that makes more sense like 24.. So you're still now on the 10.20.0 network…. Or the 10.30.0 network but you don't look like you don't have a clue to how subnetting works ;)
-
Well you need to put a rule above your rule that forces traffic out a vpn connection if you want them to talk to each other..
So above the rule that is any any going out the piastrong gateway.. Put a rule that allows clients on that network/vlan to go where you want them to go..
Rules are evaluated top down, first rule to fire wins, no other rules are evaluated.
Ok if you want to use 10.20.0 that is fine, why not just use a mask that makes more sense like 24.. So you're still now on the 10.20.0 network…. Or the 10.30.0 network but you don't look like you don't have a clue to how subnetting works ;)
haha, I will change it to /24 :p
Will adding a rule above the VPN gateway rule allow those clients to fail over to my ISP gateway though? Or just allow them to talk to the network, and not the internet?
Thanks :)
-
Seems to be working on the 1020 and 1030 LAN, but if I add the same rule to the 192 DHCP LAN, that network can't access the internet. Maybe I need to do it differently there?
-
I really should have resized those screenshots lol… oops.
-
No, it's not done any differently.. But again on your lan you're FORCING it out your wan.. so how would it talk to any other local networks.
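
The rule ordering discussed in the replies above, as an added example that is not part of any post in the thread: a small first-match evaluator run over constructed rule sets for the thread's three networks. The gateway labels `PIA_VPN` and `WAN_GW`, the host addresses and the rule layout are assumptions for illustration, not the poster's actual configuration.

```python
import ipaddress

# Networks from the thread; gateway labels PIA_VPN / WAN_GW are hypothetical.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("192.168.0.0/24", "10.20.0.0/16", "10.30.0.0/16")]
ANY = "0.0.0.0/0"

def rule(src, dst, gateway=None):
    """A pass rule; gateway=None means 'use the normal routing table'."""
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst), gateway)

def evaluate(rules, src_ip, dst_ip):
    """Top-down, first match wins. Returns where the packet is sent."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r_src, r_dst, gateway in rules:
        if src in r_src and dst in r_dst:
            if gateway:                       # policy routing overrides the routing table
                return gateway
            if any(dst in n for n in LOCAL_NETS):
                return "local"                # directly connected network
            return "default-route"
    return "blocked"                          # no rule matched: implicit default deny

# Interface rules for the 10.20 network as described: everything forced out the VPN.
vpn_only = [rule("10.20.0.0/16", ANY, gateway="PIA_VPN")]
# Same interface with pass rules to the local networks placed above the VPN rule.
local_first = [rule("10.20.0.0/16", str(n)) for n in LOCAL_NETS] + vpn_only

# LAN rules forcing the WAN gateway, before and after the same change.
lan_forced = [rule("192.168.0.0/24", ANY, gateway="WAN_GW")]
lan_fixed = [rule("192.168.0.0/24", str(n)) for n in LOCAL_NETS] + lan_forced

if __name__ == "__main__":
    # Constructed sample hosts; 203.0.113.10 stands in for an internet destination.
    for name, rules, src in (("vpn_only", vpn_only, "10.20.0.5"),
                             ("local_first", local_first, "10.20.0.5"),
                             ("lan_forced", lan_forced, "192.168.0.10"),
                             ("lan_fixed", lan_fixed, "192.168.0.10")):
        for dst in ("10.30.0.7", "192.168.0.10", "203.0.113.10"):
            print(f"{name:12} {src} -> {dst:13} {evaluate(rules, src, dst)}")
```

Because the added pass rules match only local destinations, internet-bound traffic from 10.20 still falls through to the VPN rule and does not fail over to the ISP gateway.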
-
Here you go homie. I happen to use PIA so use this as an example.
Local 2 would be my neighbor's subnet, so you can ignore that.
https://snag.gy/cGyrFU.jpg