Connecting Two Subnets with pfSense
-
And is there a software firewall on these VMs? Windows, for example, blocks ping.
Out of the box, the LAN rules on pfSense would allow you to ping the opt2 network. If it's not answering, that points to a firewall on that client.
-
Are the clients configured to use the correct gateway?
Client1 - 192.168.1.1
Client2 - 192.168.2.1
Have you set a gateway in the pfSense LAN and OPT interface config? That must not be set.
The clients have the correct gateway set via DHCP, and neither LAN nor OPT have a gateway set. Both clients have internet access and can ping both LAN and OPT interfaces, but not each other.
And is there a software firewall on these VMs? Windows, for example, blocks ping.
Out of the box, the LAN rules on pfSense would allow you to ping the opt2 network. If it's not answering, that points to a firewall on that client.
I'll check, but I've never had the Windows Firewall block pings before. Unless that's because I'm normally pinging from the same subnet.
-
And is there a software firewall on these VMs? Windows, for example, blocks ping.
Out of the box, the LAN rules on pfSense would allow you to ping the opt2 network. If it's not answering, that points to a firewall on that client.
That was it, thanks! I disabled the firewall on both clients, and they were able to ping each other.
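
Added example, not part of the original thread: instead of leaving Windows Firewall disabled on the clients, it can be switched back on with one inbound rule that allows ICMPv4 echo requests only from the other subnet. The /24 masks and the rule name are assumptions; run it elevated on each client with the opposite subnet as `-PeerSubnet`.

```powershell
# Added example. Assumptions: Windows clients, /24 subnets behind the
# 192.168.1.1 and 192.168.2.1 gateways, hypothetical rule name.
#Requires -RunAsAdministrator

param(
    # Subnet of the *other* client (use 192.168.1.0/24 when running on Client2).
    [string]$PeerSubnet = '192.168.2.0/24',
    [string]$RuleName   = 'Lab - allow ICMPv4 echo from peer subnet'
)

# Turn the firewall back on for every profile instead of leaving it disabled.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Create the rule once; on later runs only update its remote scope.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $PeerSubnet -Profile Any | Out-Null
} else {
    $rule | Set-NetFirewallRule -RemoteAddress $PeerSubnet
}

# Show what is now in effect: profile state and the rule's remote scope.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

With the rule in place on both clients, a ping across the pfSense LAN and OPT interfaces should answer while all other unsolicited inbound traffic stays blocked.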
-
There you go, see, 1 pfSense and you have 2 networks. You could have as many networks as you wanted that your VM host would be able to support ;) Just using 1 pfSense VM.
Now if you wanted, you could start getting fun with it and use it to play with VLAN tagging, etc., vs. the actual physical network simulation you have going on now. Using port groups on your vSwitch and then setting up the VLANs on the 1 VM NIC you have connected to pfSense, etc.
-
There you go, see, 1 pfSense and you have 2 networks. You could have as many networks as you wanted that your VM host would be able to support ;) Just using 1 pfSense VM.
Now if you wanted, you could start getting fun with it and use it to play with VLAN tagging, etc., vs. the actual physical network simulation you have going on now. Using port groups on your vSwitch and then setting up the VLANs on the 1 VM NIC you have connected to pfSense, etc.
I am interested in VLANs and have no experience with them, so I think I will try setting something like that up next.
-
If anyone is still interested, here is how I got it to work with a 3 pfSense setup.
I wanted to set up an environment where I have a datacenter and a remote lab.
All machines in the datacenter have the domain datacenter.home.arpa.
All machines in the lab have the domain lab1.home.arpa.
I wanted machines in the lab to be able to reach machines in the datacenter.
pfSense1:
- Hostname: pfSense
- Domain: home.arpa
- WAN (dhcp)
- LAN: 192.168.0.1
- Block private networks and loopback addresses: Unchecked
- Forward packets for datacenter subnet 192.168.2.0/24 to datacenter router - 192.168.0.2
  - Added gateway
    - Name: datacentergw
    - Interface: LAN
    - Gateway: 192.168.0.2
  - Added static route
    - Network: 192.168.2.0/24
    - Gateway: datacentergw
pfSense2:
- Hostname: pfSense
- Domain: datacenter.home.arpa
- WAN: 192.168.0.2 (static)
- LAN: 192.168.2.1
- Block private networks and loopback addresses: Unchecked
- NAT
  - Forward ICMP and TCP/UDP from source: 192.168.0.0/16, destination: LAN net to LAN Address
    - This automatically added necessary firewall rules as well
pfSense3:
- Hostname: pfSense
- Domain: lab1.home.arpa
- WAN: 192.168.0.3
- LAN: 192.168.3.1
- Block private networks and loopback addresses: Unchecked
- DNS
  - Add a domain override for datacenter.home.arpa and send its queries to datacenter DNS: 192.168.2.1
- DHCP
  - Set lab1.home.arpa;datacenter.home.arpa as DNS Search