Routing between two interfaces on pfSENSE not working (lack net knowledge)

  • Bonjour everyone. To start off, I have weak network knowledge and am trying to increase it, as I've been employed as a sys admin in a company. I haven't had to tackle much networking as of yet, until now.

    So here is the scenario with a beautiful image to help explain.

    We have 2 VMware hosts, "ESXi A" and "ESXi B". They are hosted by some company. That company provides their internal private network so that we can communicate between the hosts without going through the public addresses.
    We do not get to choose the private addresses, they define them.
    And so the hosts are configured in DHCP to obtain the config for the interfaces.

    To simplify, we have our own private network and we use a pfSENSE (virtual machine) on "ESXi A" to handle the routing between our private network and the other virtual machines on this host.

    We bought another "ESXi B" to do the same things as "ESXi A", however, instead of adding another pfSENSE on that host to do routing, we instead decided to route between the two hosts via the private hosting company network.
    So that we can use the pfSENSE of "ESXi A" to handle the routing of the virtual machines on "ESXi B".

    Now I know you can see the same private address attributed to the pfSENSE and ESXi A, and the same thing for ESXi B. The reason for that has to do with a bizarre VMware config that I don't properly understand as of yet, where the VM has to have the same MAC address as the private interface of the host, but that is a secondary problem.

    The first problem is I cannot communicate between the LAN interface on the pfSENSE and the OPT1 interface (private address for ESXi A).

    OPT1 and the LAN cannot ping each other.

    As the pfSENSE acts like a router as far as I understand, it should automatically route between the two interfaces. I don't know what the problem is. Any help would be much appreciated, as I'm sure the problem is simply related to my lack of networking knowledge.

  • Anybody?

  • LAYER 8 Global Moderator

    What is the mask on this 10.90-91 network (private network) and the LAN network? It's quite possible they overlap if you're using, say, the default /8 of a 10 network.

    Also, what are the rules on your LAN interface of pfSense? If you're doing any sort of policy routing out a specific gateway, you have to have rules that allow the traffic to the other OPT1 network before sending out a gateway, etc.

    Also, what is the other VM? Is it running any sort of software firewall? Windows, for example, out of the box will block ICMP from other than its local network.
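
The mask question raised in the reply above can be checked mechanically. This is an added example, not code from the thread or from pfSense; the interface addresses and masks are constructed, since the thread only gives "10.90-91" for the private network.

```python
"""Added example: detect overlapping interface subnets on a router."""
from ipaddress import ip_address, ip_interface
from itertools import combinations

# Constructed sample values; the thread does not state the real addresses or masks.
DEFAULT_MASK = {   # LAN left at /8, the classful default for a 10.x address
    "LAN": "10.0.0.1/8",
    "OPT1": "10.90.12.5/24",
}
EXPLICIT_MASK = {  # same addresses with the LAN narrowed to /24
    "LAN": "10.0.0.1/24",
    "OPT1": "10.90.12.5/24",
}


def find_overlaps(interfaces):
    """Return sorted (name_a, name_b) pairs whose connected networks overlap."""
    nets = {name: ip_interface(cidr).network for name, cidr in interfaces.items()}
    return sorted(
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def on_link_interfaces(interfaces, destination):
    """Return the interfaces whose subnet contains `destination`.

    More than one name means the destination looks directly connected on
    several interfaces. A host on the wider subnet then ARPs for that address
    locally instead of handing the packet to the router, so a ping between
    the two networks never gets routed.
    """
    dest = ip_address(destination)
    return sorted(
        name
        for name, cidr in interfaces.items()
        if dest in ip_interface(cidr).network
    )


if __name__ == "__main__":
    target = "10.90.12.20"  # constructed host on the OPT1 side
    for label, cfg in (("default /8", DEFAULT_MASK), ("explicit /24", EXPLICIT_MASK)):
        print(label, "overlaps:", find_overlaps(cfg))
        print(label, "on-link for", target, ":", on_link_interfaces(cfg, target))
```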
