Accessing one subnet from another subnet.
-
Yet another question from me.
Ultimately I want to be able to log in to my solar panel controllers to check on production for the day. No problem if I am on my laptop and can change wireless networks, however I want to be able to do it from a wired computer, on a different subnet, as well.
I hope the attached schematic helps.
Not sure what rules I need to create, or NAT changes need to be made, or if I have to mess with routing, or creating VIPs, or anything.
/medic
![Screenshot (14).png](/public/imported_attachments/1/Screenshot (14).png)
-
You should just need a static route on your pfSense router pointing the non-local subnet via the other router's interface.
Then do the nat on the other router.
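
As an added illustration (not part of any post in this thread), this Python sketch models the route lookup behind the static-route advice above, plus the return path the D-Link would use with pfSense NAT on or off. The modem LAN address 192.168.1.1, the /24 masks, the controller at 192.168.0.10 and the wired PC at 192.168.2.50 are assumptions; only routing is modelled, not the D-Link's own NAT or firewall.

```python
import ipaddress

# From the thread: pfSense WAN 192.168.1.65, D-Link WAN 192.168.1.64,
# pfSense LAN 192.168.2.0/24, solar network 192.168.0.0/24 behind the D-Link.
# Assumed (not in the thread): modem LAN IP 192.168.1.1 with a /24 mask,
# a controller at 192.168.0.10 and a wired PC at 192.168.2.50.
MODEM, DLINK_WAN, PFSENSE_WAN = "192.168.1.1", "192.168.1.64", "192.168.1.65"
CONTROLLER, WIRED_PC = "192.168.0.10", "192.168.2.50"

def table(*entries):
    """Build a routing table as (network, next_hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return "unreachable"
    return max(matches, key=lambda r: r[0].prefixlen)[1]

# pfSense without and with the suggested static route.
PFSENSE = table(("0.0.0.0/0", MODEM),
                ("192.168.1.0/24", "on-link"),
                ("192.168.2.0/24", "on-link"))
PFSENSE_WITH_ROUTE = PFSENSE + table(("192.168.0.0/24", DLINK_WAN))

# The D-Link with only a default route: it knows nothing about 192.168.2.0/24.
DLINK = table(("0.0.0.0/0", MODEM),
              ("192.168.1.0/24", "on-link"),
              ("192.168.0.0/24", "on-link"))

def source_seen_by_dlink(client, pfsense_nat):
    """Outbound NAT on pfSense rewrites the source to its WAN address."""
    return PFSENSE_WAN if pfsense_nat else client

def reply_hop(client, pfsense_nat, dlink_routes=DLINK):
    """Next hop the D-Link picks for the controller's reply."""
    return next_hop(dlink_routes, source_seen_by_dlink(client, pfsense_nat))

if __name__ == "__main__":
    print("no static route:", next_hop(PFSENSE, CONTROLLER))
    print("static route   :", next_hop(PFSENSE_WITH_ROUTE, CONTROLLER))
    print("reply, NAT on  :", reply_hop(WIRED_PC, True))
    print("reply, NAT off :", reply_hop(WIRED_PC, False))
```

With pfSense NAT off, the last case shows the reply leaving via the modem instead of returning to pfSense, so the D-Link would need its own route for 192.168.2.0/24 via 192.168.1.65.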
-
Why would you not just connect your solar panel network to pfsense via another interface or vlan?
Out of the box in such a setup with pfsense natting you would be able to access that 192.168.0/24 network from client behind pfsense since pfsense would nat such traffic to look like pfsense wan IP in the 192.168.0/24 network from your drawing..
Did you turn off pfsense natting? Is your dsl "modem" in your drawing providing 2 different public networks to your pfsense router and your solar panel router?
If I had to guess from your drawing, it is that the solar panel router is also natting and that is your problem.. Why would you not just use your linksys routers as AP? I take it they are wifi routers?? Is your dsl "modem" also doing wifi?
-
@JohnPoz, VivintSolar set the Solar panels system up. So my wife piggybacks her traffic onto their subnet so she bypasses PFSense, which I am fine with.
I tried having everything going through PFSense, and I kept screwing it all up. If my fancy schmancy network goes down and my wife is unable to connect, my a$$ is grass! So she connects on the 192.168.0.0 network and all is fine and well.
My daughter, MIL and I connect on the 192.168.2.0 network.
PFSense is natting. And it looks like the DSL modem is as well. So should I turn off DSL modem NAT?
Okay, I turned off NAT in the DSL modem, and we lost internet, completely. Even tried a reboot to no avail. So I turned it back on, and all is fine in my little world, for now.
Unsure what to check on the solar panel router. It is a cheap D-Link model that I have no familiarity with. I know how to log into it, and that is about all.
DSL modem is not wifi capable, just the Linksys(192.168.2.0) and the D-Link(192.168.0.0) are wifi enabled.
-
> So should I turn off DSL modem NAT?

You need NAT on the DSL modem, as the ISP is only providing a single IPv4 address, which you share with NAT. You shouldn't need it anywhere else. Just use plain routing.
-
@JKnott I should turn off NAT on the PFSense machine?
-
Your diagram doesn't look right to me thinking about it.
You have two routers hanging off a single modem.
Are you sure it's not a modem/router?
And what's that Linksys router doing? If it's just acting as an AP, don't do it like this: connect pfSense to the dumb switch and connect the Linksys via its LAN port.
-
@Nog, it is a modem/4 port router, non wifi enabled. It hands out 192.168.1.64-67 addresses to various devices.
192.168.1.64 is the d-link wifi router, which hands out ip addresses to the solar panels and my wife in the 192.168.0.0 range.
192.168.1.65 is the pfsense box, which hands out ip addresses to most of the network, including the linksys router which is in bridge mode, then an unmanaged switch, then my pc's, amazon boxes, etc in the 192.168.2.0 range.
192.168.1.66/67 are directv boxes which I had a lot of issues with.
-
> @Nog, it is a modem/4 port router, non wifi enabled. It hands out 192.168.1.64-67 addresses to various devices.
> 192.168.1.64 is the d-link wifi router, which hands out ip addresses to the solar panels and my wife.
> 192.168.1.65 is the pfsense box, which hands out ip addresses to most of the network, including the linksys router which is in bridge mode, then an unmanaged switch, then my pc's, amazon boxes, etc.
> 192.168.1.66/67 are directv boxes which I had a lot of issues with.

You're asking for all sorts of problems doing it like this, as you have a NAT occurring on the modem, pfsense and the d-link.
Can you set the modem/router to modem-only mode and do PPPoE on the pfSense router?
If you can, you'd be better off doing something like I've done:
https://forum.pfsense.org/index.php?topic=142930.msg779126#msg779126
You'd need a vlan aware switch or another dumb switch if your pfSense router has a spare ethernet port.
-
@Nog, OH MY GAWD! What a setup!
My linksys is vlan capable, but I have no idea if I can still use its wifi AP.
Does your PFSense box still handle DHCP duties for the entire network?
-
> @Nog, OH MY GAWD! What a setup!
> My linksys is vlan capable, but I have no idea if I can still use its wifi AP.
> Does your PFSense box still handle DHCP duties for the entire network?

Yes, all the DHCP for the 6 subnets is done via pfSense.
The 5 vlans hang off my LAN interface.
-
> @JKnott I should turn off NAT on the PFSense machine?
>
> Yes. Don't use NAT unless you have to and the only place you need it is with the DSL modem, assuming it's in gateway mode. Also, why do you have that Linksys router, in bridge mode, as well as that unmanaged switch?

I have no idea if it is gateway mode. It is a Comtrend ADSL Router model 5220u.
I put the linksys wrt1900acv1 in bridge mode so it would not hand out dhcp.
I should have prefaced this as I am a paramedic, with obviously no networking experience whatsoever. If you're having a stroke, heart attack, medical emergency, I'm your guy.
-
> @JKnott I should turn off NAT on the PFSense machine?
>
> Yes. Don't use NAT unless you have to and the only place you need it is with the DSL modem, assuming it's in gateway mode. Also, why do you have that Linksys router, in bridge mode, as well as that unmanaged switch?
>
> I put the linksys wrt1900acv1 in bridge mode so it would not hand out dhcp.
> I should have prefaced this as I am a paramedic, with obviously no networking experience whatsoever. If you're having a stroke, heart attack, medical emergency, I'm your guy.

You should just be able to switch off dhcp on the wrt1900acv1, give it a fixed IP address on its LAN interface and connect it to the dumb switch and the dumb switch to pfSense.
-
> I have no idea if it is gateway mode. It is a Comtrend ADSL Router model 5220u.

Since you appear to have at least 3 devices connected to it, I'm assuming it is.

> I put the linksys wrt1900acv1 in bridge mode so it would not hand out dhcp.

So, it's still acting as a router. You don't need one there.

> If you're having a stroke,

I may, after trying to figure this out! ;)
-
Well, I thank you all for the input. Somehow, somewhere I goofed something up, and had to take the entire misconfigured system down. Luckily I do have some older backups before I started making major changes. But it's time to figure it out.
-
You really should put your networks behind pfsense… Does pfsense box have another interface you can use? or are you going to need to invest in a smart switch... Cheap can be had for $30 or less even.. Just stay away from the tplink cheap ones - they don't handle vlans like they say they do.
If your pfsense has another interface just use your wifi routers as AP and switch ports and you can isolate your 2 networks that way. As to pfsense wan side - sure it's nicer to put public on pfsense wan. But a double nat also will work..
If you need some help in how to set this all up - just ask...
-
Thanks @JohnPoz.
I'm going to buy a Netgear GS108Ev3. Says it does VLANs, relatively cheap.
Modem, PFSense, Netgear switch, wireless APs, then dumb switches.
Sadly I have one of those cheap Qotom boxes with only two ports, so no OPT1 availability.
I also have to read up on both of the wireless APs. The issues all started when I took the Linksys out of bridge mode, and it created all sorts of havoc. Somewhere traffic was being blocked.
When I go to do all of this, I am going to do a fresh install and work my way from there.
TRUST ME, I will be asking questions.
-
NAT rules went to seed.
I think that I had clicked them disabled, but hadn't clicked save yet. And somehow, someway, they saved.
The new switch arrived today, and while I don't have VLANS figured out, it is capable of doing them. That is something to do on another day as I split wood, and loaded and unloaded three truck loads today.