Lan Gateway Pfsense

Aldy

Hello everyone,
I have a problem and I would like help.
I installed pfsense on my server as part of a large project. Normally, it is quiet everything works (when I plug a machine directly on my LAN leg), but when it is necessary to include my gateway in the LAN tab of my server to transport my connection via a network other than that introduced in the application, "There, I have more connection"
I have remote sites that require this gateway to be included in order to carry my WAN connection.
On the other hand, the switch ports (CISCO Catalyst 2960-x series) previously configured via VLAN x to carry the connection no longer work strangely, whereas before that was functional before including my gateway on the LAN leg. And when I remove my gateway on this same leg again, nothing is ok, no connection !!!!!!

NB: The config of my switch are good and other equipment are connected to these ports and work.

johnpoz

So you you have a downstream L3 switch doing routing..

Your going to have to draw up your network if you want help.. Did you setup routes in pfsense to your downstream networks? etc..

You would not actually set gateway on pfsense lan interface.. You would need to create a gateway in the routing tab, and then route(s) to your downstream.

Aldy

@johnpoz We have already created our network via an architecture that I would like to send you. If possible, can you send us your email address so that we can exchange?

johnpoz

just sent via PM

johnpoz

Ok that is pretty broken..

For starters you have 10.1.1/24 what looks like 2 different legs on your downstream router.. And also 192.15 is not a valid rfc1918 space.. Do you own that? I would not think so since registered to iran, and take it your french?

johnpoz

Is this what your wanting to say?

if so then 10.1.1/24 is your transit to your other networks... Do you have any other downstream networks hanging off the 10.35.1 ?

Do you have any hosts on this 10.1.1/24 network? If so your going to run into asymmetrical routing problems

Aldy

@johnpoz You have effectively summed up the schematic diagram. Indeed our transit 10.1.1 0/24 is in progress. On the other hand, we have hosts downstream of the 10.35.1.0/24.
We do not have hosts on the 10.1.1.0/24 network.
The address 10.35.1.0/24 is the address of the remote router. And the address 10.1.1.0/24 is a leg of the Head router.

johnpoz

Ok lets call it this for discussion.. I put some interface IPs on the drawing.

So in this case you need to create a gateway in pfsense pointing to your router 10.1.1.1

Then you need to create routes on pfsense using 10.1.1.1 as the gateway for whatever downstream networks that router knows how to get to.. 192.168.15 for example - and any networks downstream of that 10.35.1 network that router knows how to get to.

Then you need to adjust routes on you router that use 10.1.1.2 (pfsense) for whatever networks you want to use pfsense to get to, or for where you might be coming from, say a vpn tunnel network. Unless your downstream router is going to use pfsense 10.1.1.2 as its default route?

You will also need to adjust pfsense rules on the 10.1.1 interface to allow for your downstream networks that will be creating outbound connections through pfsense, and you will want to double check that your outbound nat on pfsense reflects your downstream networks. If left on auto this should be auto done for you when you create your routes in pfsense.

Aldy

This post is deleted!

Aldy

@johnpoz OK it's noted.
However, we have other server that is in this range of address: 10.1..1.x, how to do not saturate Chimpanzee switch requests that will be issued by other hosts who want to reach the other server via this chimpanzee switch?