Static routing



  • Hello all,

    I am trying to create a very simple static network with multiple VLANs; the goal would be for one client to go through 2 routers with pfSense and eventually connect to a web server (IIS).

    The firewalls have been disabled, and the firewalls from Windows allow all. Clients can only ping to their respective routers, not further.

    How can this be fixed without a routing protocol? Here is a picture of our network: http://nl.tinypic.com/view.php?pic=72ajpy&s=9



  • below is under the assumption that both R1 & R2 already have a default gateway pointing towards something else (like the internet)

    transit network = 192.168.50.1/30  (can be another cidr range, doesn't matter)
    define a gateway on each router, pointing towards the ip on the other end of the transit network

    static routes on R1:
    192.168.40.1/24 | GW: gateway_to_R2
    192.168.20.1/24 | GW: gateway_to_R2

    static routes on R2:
    192.168.30.1/24 | GW: gateway_to_R1

    done



  • Thanks for your answer!

    We have tried having the routers as each other's default gateway, but it doesn't work.
    We have also tried using RIP v2; now we can access MGMTsystemen with the W10_HQ, but not with W10_BK. We concluded that the routers can't see past the other router.


  • LAYER 8 Netgate

    That is a very simple static routing situation.

    You have to be sure that there is no Outbound NAT going on and that the transit interfaces (192.168.50.X) on R1 are set to accept traffic from 192.168.20.0/24 and 192.168.40.0/24 and R1 will accept traffic from 192.168.30.0/24.

    I question your subnetting scheme, however.

    It would make more sense to have something like 192.168.32.0/20 behind R1 (giving that site the ability to use 192.168.32-47) and 192.168.48.0/20 (192.168.48-63) behind R2 so it could all be accomplished with one route on each side.

    Just a thought.
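
Added example, not part of the original thread: a Python sketch of the subnetting point above, comparing the thread's layout (192.168.20/.40 behind R2, 192.168.30 behind R1) with the suggested /20-per-site layout. The `PROPOSED` /24s are constructed sample subnets inside each /20, and treating a summary as usable only when it does not cover the local site's own subnets is an assumption of this sketch.

```python
import ipaddress as ip

def nets(cidrs):
    # strict=False accepts host-style entries such as 192.168.40.1/24 (as written in the thread)
    return [ip.ip_network(c, strict=False) for c in cidrs]

def summary(cidrs):
    """Smallest single prefix that contains every network in cidrs."""
    ns = nets(cidrs)
    s = ns[0]
    while not all(n.subnet_of(s) for n in ns):
        s = s.supernet()  # widen by one bit until everything fits
    return s

def routes_needed(local, remote):
    """Static routes the router on the `local` side needs to reach `remote`.

    One summary route is used only if it does not also cover a local subnet
    (assumption of this sketch); otherwise each remote prefix gets its own route.
    """
    s = summary(remote)
    if not any(s.overlaps(n) for n in nets(local)):
        return [s]
    return list(ip.collapse_addresses(nets(remote)))

# Subnets behind each router, taken from the static routes posted in the thread.
THREAD = {"R1": ["192.168.30.1/24"],
          "R2": ["192.168.20.1/24", "192.168.40.1/24"]}

# Constructed sample subnets inside the suggested 192.168.32.0/20 and 192.168.48.0/20.
PROPOSED = {"R1": ["192.168.32.0/24", "192.168.40.0/24"],
            "R2": ["192.168.48.0/24", "192.168.60.0/24"]}

if __name__ == "__main__":
    for label, plan in (("thread layout", THREAD), ("proposed layout", PROPOSED)):
        print(label)
        for here, there in (("R1", "R2"), ("R2", "R1")):
            routes = routes_needed(plan[here], plan[there])
            print(f"  {here} -> via {there}: {', '.join(map(str, routes))}")
```

With the thread's layout the only single prefix covering 192.168.20.0/24 and 192.168.40.0/24 is 192.168.0.0/18, which also contains 192.168.30.0/24, so R1 keeps two routes; with the /20 layout each router needs one.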



  • Can you elaborate on the last paragraph? I don't understand why changing the VLAN numbers would make everything work. Then again we are kind of beginners with this.


  • LAYER 8 Netgate

    It makes zero sense to have 192.168.20 and 192.168.40 on one side and 192.168.30 (something between those two subnets) on the other. Zero.

    Concentrate on this instead:

    You have to be sure that there is no Outbound NAT going on and that the transit interfaces (192.168.50.X) on R1 are set to accept traffic from 192.168.20.0/24 and 192.168.40.0/24 and R1 will accept traffic from 192.168.30.0/24.



  • I realised that, yes, but does it fix anything functionally? Or is it just harder to determine where the VLANs are?


  • LAYER 8 Netgate

    Sorry. I do not understand your question. This is basic IP subnetting and not particular to pfSense, VLANs, etc.



  • Sorry for the late response, I did not find a solution, but it doesn't really matter anymore since the school project is at the end.
    Thanks though for all the input!

