Netgate Discussion Forum

    Same subnet address on LAN and WAN side does not work - why?

hoegge:

When I first set up my pfSense box, I put it between my internal network and my internet provider's router, resulting in a network layout like this:

Internet
|
Fibernet modem / router
| (192.168.1.x network with two active addresses - gateway 192.168.1.254 and my device / firewall 192.168.1.217 on the WAN interface)
pfSense firewall
| (192.168.1.x network with all my own devices - on the LAN interface)

This means both the WAN (igb0) and LAN (igb1) ports have the same subnet ranges. DHCP addresses are given out on the LAN side but nothing works - I can't even ping the pfSense firewall or access the web interface.

Some would say - that is obvious - how is it supposed to figure out how to route between two identical networks? BUT, the 192.168.1.x range is non-routable - so it should never route anything between these two networks. Only in the case of going to the internet should the firewall route data from internal addresses through the gateway 192.168.1.1 on the LAN side and then through the WAN network to the fibernet modem (192.168.1.254) as gateway to the internet, and things coming back should be received on 192.168.1.217 on the WAN side and delivered to the client on the LAN side. Why does it not work? Is it because pfSense (and Linux boxes in general) can only differentiate different interfaces by their subnet addresses?

kr
Hoegge

kpa:

"Non-routable" applies only from the global perspective. RFC1918 addresses are not routable over the internet, but locally all the rules for routing still apply: you can't have conflicting routes in the routing table or the system won't have a clue which interface/gateway it should send the traffic to.

jimp (Rebel Alliance Developer, Netgate):

Do not confuse "non-routable" with "link-local". The behavior you describe is not the behavior of RFC1918 networks, as @kpa explained. What you describe is "link-local" behavior, which for IPv4 is the APIPA range, 169.254.0.0/16, and for IPv6 is fe80::/10.

Even then, IPv4 doesn't work properly with the same subnet on two different non-bridged interfaces. IPv6 works because it has interface scoping, which gives the OS a nudge to know how to reach specific addresses even when there would otherwise appear to be a conflict.

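As an added illustration of kpa's and jimp's point (example code written for this page, not from the thread or from pfSense itself): a minimal longest-prefix-match route lookup, run over a constructed routing table built from the first post's layout (WAN igb0 192.168.1.217/24, default gateway 192.168.1.254, LAN igb1 192.168.1.1/24) and over the same box with the LAN renumbered to 192.168.2.1/24, which is an assumed fix, not one given in the thread. With two connected /24 routes for the same prefix, every lookup in that range ties, and so does resolving the default gateway itself, which is why nothing on the LAN side worked.

```python
import ipaddress
from collections import namedtuple

# One routing-table entry: destination prefix, egress interface, optional next hop.
Route = namedtuple("Route", "prefix iface gateway")

def build_routes(interfaces, default_gw):
    """Build the connected route for each (iface, 'addr/len') pair plus a default route."""
    routes = [Route(ipaddress.ip_interface(cidr).network, name, None)
              for name, cidr in interfaces]
    routes.append(Route(ipaddress.ip_network("0.0.0.0/0"), None,
                        ipaddress.ip_address(default_gw)))
    return routes

def lookup(routes, dst):
    """Longest-prefix match. Returns (status, iface, next_hop); status is 'ok',
    'unreachable', or 'ambiguous' (routes tie on prefix length and iface is the
    list of tied interfaces: the kernel has no basis to pick one)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.prefix]
    if not matches:
        return ("unreachable", None, None)
    best_len = max(r.prefix.prefixlen for r in matches)
    best = [r for r in matches if r.prefix.prefixlen == best_len]
    if len(best) > 1:
        return ("ambiguous", sorted(r.iface for r in best), None)
    route = best[0]
    if route.gateway is None:          # directly connected: deliver on that interface
        return ("ok", route.iface, dst)
    # Gateway route: the egress interface is whichever connected route reaches the gateway.
    connected = [r for r in routes if r.gateway is None]
    status, iface, _ = lookup(connected, route.gateway)
    return (status, iface, route.gateway)

def overlapping_interfaces(interfaces):
    """Interface pairs whose subnets overlap; a non-empty result is the misconfiguration."""
    nets = [(name, ipaddress.ip_interface(cidr).network) for name, cidr in interfaces]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

# Constructed tables: the layout from the first post, and the same box with LAN renumbered.
BROKEN = [("igb0", "192.168.1.217/24"), ("igb1", "192.168.1.1/24")]
FIXED = [("igb0", "192.168.1.217/24"), ("igb1", "192.168.2.1/24")]
GATEWAY = "192.168.1.254"
if __name__ == "__main__":
    for label, table in (("broken", BROKEN), ("fixed", FIXED)):
        routes = build_routes(table, GATEWAY)
        print(label, "overlaps:", overlapping_interfaces(table))
        for dst in ("192.168.1.50", "8.8.8.8"):
            print(" ", dst, "->", lookup(routes, dst))
```

The "broken" table reports every 192.168.1.x destination and the default route as ambiguous; the "fixed" table resolves LAN hosts to igb1 and internet traffic to igb0 via 192.168.1.254.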
hoegge @kpa:

@kpa Thanks. I thought you could never address a 192.168.1.x address and similar outside your own subnet. Then it makes sense why the firewall would have an impossible task managing a setup with two similar subnets.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.