    LAN subnets can't see LAN interface of pfsense

    • S
      Spike_1197 last edited by

      newbie

      I am attempting to use pfsense for the firewall between our Lync Edge servers' (Edge and reverse proxy) inside interfaces and our LAN. pfsense LAN IP is 192.168.1.5. LAN subnet where Lync FE is: 192.168.3.0/24. I may be overcomplicating. I can get to the pfsense Web config if I am on the same subnet (192.168.1.0/24) but not on the subnet where the Lync FE resides.

      Is this an internal routing issue?

      • jahonix
        jahonix last edited by

        You need to explain your network more precisely.
        192.168.1.5 is a /24 and your LAN?
        192.168.3.0 /24 is what? Your WAN or Opt1 or …?

        Right now it could be ruleset, routing, switching, ... you name it.

        • S
          Spike_1197 last edited by

          Here is a quick and dirty diagram.


          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            Huh.. How do you have a 192.168.1.5/32 address on what I assume is pfsense LAN? And then a network of 192.168.3/24??? That would never work trying to connect from a 192.168.3.

            If pfsense is going to be on a 192.168.3/24 network then it should have an IP in the 192.168.3 network.

            • S
              Spike_1197 last edited by

              Sorry.
              So the LAN interface is 192.168.1.5. I believe I just misused subnet notation. The way we have our internal network set up is separated into logical subnets (logical to us I guess). 192.168.1.0/24 is where the users reside. 192.168.3.0/24 is where the servers reside. The two subnets can talk to each other through a layer 3 switch and some routing.

              Seems like I am trying to complicate. I will go about putting the LAN interface of pfsense on the 192.168.3.0/24 subnet.

              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                Ah well if you have a L3 switch (router) downstream then pfsense should be connected to this router (L3 switch doing routing) via a transit network.. Otherwise you're going to have all kinds of asymmetrical issues. BTW you didn't list your downstream router in your drawing and still use of /32 on your interface is going to be an issue as well. You would want to use the correct mask for whatever your transit is - common would be say a /30

                Then you're also going to have to make sure your rules on your transit interface allow for the downstream networks, and you're also going to have to make sure your outbound NAT is set up to NAT the downstream networks.

                This has been coming up a bit lately.. If I find the time I will put together a wiki article on setting up downstream routers.. I thought I just did a thread about this.. Let me look if I can find it.

                edit:
                Here is one of the threads where we went over the asymmetrical problem, and talked about downstream.. there have been others but I found this one first
                https://forum.pfsense.org/index.php?topic=105825.15

                Derelict put together a nice drawing even in that thread.

                1 Reply Last reply Reply Quote 0
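The checks listed in the last reply (interface mask, a dedicated transit segment, rules and outbound NAT covering the downstream networks), written as an added example that is not part of the original thread. The function name, the 172.16.0.0/30 transit addressing and the route, rule and NAT lists are constructed for illustration; the static-route check is an addition on the assumption that the firewall reaches downstream networks through the L3 switch.

```python
import ipaddress as ipa

def audit_downstream(fw_iface, host_nets, routes, rule_sources, nat_sources):
    """Return (code, subject) findings for a firewall leg facing an L3 switch.

    fw_iface     -- firewall interface in CIDR form, e.g. "192.168.1.5/32"
    host_nets    -- networks behind the L3 switch that contain hosts
    routes       -- static-route destinations pointing at the L3 switch
    rule_sources -- source networks passed by rules on this interface
    nat_sources  -- source networks covered by outbound NAT
    """
    fw = ipa.ip_interface(fw_iface)
    nets = [ipa.ip_network(n) for n in host_nets]
    findings = []

    def covered(net, entries):
        return any(net.subnet_of(ipa.ip_network(e)) for e in entries)

    # A /32 has no on-link neighbours, so there is no next hop to route through.
    if fw.network.prefixlen == 32:
        findings.append(("mask-/32", str(fw)))
    for net in nets:
        # The L3 switch also has a leg on this segment, so replies can return
        # to these hosts without passing the firewall, which then sees only
        # one direction of the flow (asymmetric routing).
        if fw.ip in net:
            findings.append(("shared-segment", str(net)))
            continue
        for code, entries in (("no-route", routes),
                              ("no-rule", rule_sources),
                              ("no-nat", nat_sources)):
            if not covered(net, entries):
                findings.append((code, str(net)))
    return findings

# Constructed inputs: the layout as posted, then a /30 transit layout.
AS_POSTED = audit_downstream("192.168.1.5/32",
                             ["192.168.1.0/24", "192.168.3.0/24"], [], [], [])
WITH_TRANSIT = audit_downstream("172.16.0.1/30",
                                ["192.168.1.0/24", "192.168.3.0/24"],
                                ["192.168.1.0/24", "192.168.3.0/24"],
                                ["192.168.0.0/16"], ["192.168.0.0/16"])

if __name__ == "__main__":
    for label, result in (("as posted", AS_POSTED), ("with transit", WITH_TRANSIT)):
        print(label, result or "no findings")
```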