Routing Networks



  • Hello friends!
    I'm new here and I do not know if this is really where I should post, but I did not find a better place in the forum.
    I have some doubts about good practices and also about how to do this, and would like your help to do it the best way, so let's go to the scenario and then the goal of the task.

    Today we have 3 networks

    A) 192.168.0.0/24
    B) 172.16.0.0/22
    C) 10.10.0.0/16

    The networks mentioned above are isolated and we want to keep it that way; however, we have services that must be distributed to all networks and I would like to know how best to do it.
    Example.

    Spiceworks:
    We want to provide the same Spiceworks facility to all networks, noting that the Spiceworks server is running on the 192.168.0.0 network.

    Could you help us?

    Thank you very much!


  • LAYER 8 Global Moderator

    Help you what?  You say isolated, how..  How do you plan on connecting them?  Yes you can route between those networks, yes you can firewall between those networks.

    I am not understanding what your question is?

    As to good practice I can tell you for sure 10.10.0.0**/16** is not good practice… Do you have 65,000 hosts all on the same layer 2?  How many actual devices are on that network?

    Can you draw up your current network(s) and we can put together a plan to allow them to talk to each other while maintaining as much isolation as you want, etc.



  • Hello good day.
    Thanks for the answer.

    My question is:
    How can I access a service on network "A" when I'm in network "C"?
    Imagine the following.
    I have a web service running on port 80 on network "A" with IP 192.168.0.1, served under the FQDN server1.business.intranet, and I would like to access this FQDN from any internal network. What is the best way to do this?

    We have a /16 network because we use this isolated network for WiFi; indeed /16 is exaggerated, we will reduce it.


  • LAYER 8 Global Moderator

    Still not understanding the question.  Yes if all of these networks are connected to pfsense, and yes if you set up the firewall rules to allow the traffic you want, say port 80, then yes the networks can talk to each other.

    How do you have these networks isolated now?  Please draw your current network(s) and we can discuss how to connect them and let them talk yet put in the firewall rules to block the traffic you don't want, etc.

    I am curious how you are involved in this since it seems you don't understand even basic networking on how network A talks to network B..  I have a funny feeling that you are running all three of these networks over the same layer 2??

    You do understand you could use 192.168.0.0/24, 192.168.1.0/24 and 192.168.2.0/24 or similar, you don't have to use the 3 different classes in the RFC 1918 space to isolate, etc.

    What hardware are you working with?  How is it all connected?



  • Hello Johnpoz.
    We are using the latest version of pfSense with 6 network interfaces.
    I say 6 interfaces because we have 3 internal networks vlan isolated via ADSL and 3 input.
    We have completely different networks to facilitate what each network.

    Each network comes in on a dedicated cable, so there are 6 rule panels in pfSense, one for each network. Currently no network communicates with another, we have no rules allowing it, and that's what we want to do.

    What is the best way to access an HTTP service on one network from another network?

    I forgot to say earlier, pfSense is the DNS server for networks B and C.


  • LAYER 8 Global Moderator

    "vlan isolated via ADSL"

    What??

    So you have 3 wan connections and 3 lan side connections.  What are the rules on these network interfaces in pfsense?  You're pointing each interface out its specific gateway?  Please post up rules from your interfaces.

    If you have each interface forced out a specific gateway, and you want network A to talk to http on network B you have to place a rule above the rule that forces traffic out the gateway.  Please post up your rules and we can go over what you have to do to allow traffic between your segments.
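
The rule ordering described in the reply above, as an added example that is not part of the original thread: a simplified Python model of top-down, first-match rule evaluation on one interface (not pfSense code). The gateway group name `WAN_GROUP_B` and the rule layout are assumptions built from the ports and addresses mentioned in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str             # "pass" or "block"
    dst: str                # destination network in CIDR form
    port: Optional[int]     # None matches any destination port
    gateway: Optional[str]  # None = follow the firewall's own routing table


def evaluate(rules, dst_ip, dst_port):
    """Return (action, path) from the first matching rule, top down."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip not in ipaddress.ip_network(rule.dst):
            continue
        if rule.port is not None and rule.port != dst_port:
            continue
        if rule.action == "block":
            return ("block", None)
        # A gateway on the matching rule policy-routes the packet out that
        # gateway, even when the destination is another local network.
        return ("pass", rule.gateway or "routing table")
    return ("block", None)  # nothing matched: default deny


# Constructed rule set for the 172.16.0.0/22 interface (source is implied).
# WAN_GROUP_B is a hypothetical gateway group name.
OUT_VIA_GROUP = [Rule("pass", "0.0.0.0/0", p, "WAN_GROUP_B") for p in (53, 80, 443)]
# Narrow rule with no gateway, to be placed ABOVE the policy-routing rules.
ALLOW_WEB_ON_A = Rule("pass", "192.168.0.1/32", 80, None)


def before():
    """172.16.0.200 -> 192.168.0.1:80 with only the gateway rules."""
    return evaluate(OUT_VIA_GROUP, "192.168.0.1", 80)


def after():
    """Same packet once the local rule sits above the gateway rules."""
    return evaluate([ALLOW_WEB_ON_A] + OUT_VIA_GROUP, "192.168.0.1", 80)


if __name__ == "__main__":
    print("before:", before())
    print("after: ", after())
```

Only port 80 to the one server is opened between the segments; every other port on 192.168.0.1 still hits the default deny, so the networks stay isolated apart from that service.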



  • Good afternoon.
    Each network is isolated, each network uses a VLAN.

    We have gateway groups working perfectly, each group contains two WANs and these are working beautifully.

    All current rules are releasing internal access to external access, simple rules, for example, port 53, 80, 443.

    Each network has a specific gateway (in the case of course the pfsense), example:

    172.16.0.0 network gateway is 172.16.0.254 (This is the ip pfsense)
    Network 192.168.0.0 is the gateway 192.168.0.254 (This is the ip pfsense)

    The pfSense contains 6 interfaces, so far everything works great.

    How do I make the 172.16.0.0 network reach a service that is on the 192 network? The gateway for all of the networks is the same pfSense.

    In that network my server works with the following IP address: 192.168.0.1.

    How will a computer with IP 172.16.0.200 reach this server? Remember that access must be made via DNS (FQDN).


  • LAYER 8 Global Moderator

    JFC post your rules so we can discuss.

    What are your rules ABOVE your rules forcing traffic out a gateway..  Your gateway sure and the hell can not get to other "lan" interfaces on pfsense.



  • I am confused why VLAN is being used if these networks are indeed separated and use different LAN interfaces. Do they share the same switch?

    A diagram would help more than any more confusing comments.

