4. Routing From Layer 3 Switch To PFSence Not Forwarding to Internet Gateway

Routing From Layer 3 Switch To PFSence Not Forwarding to Internet Gateway

  • C

    I would really appreciate if someone can suggest what I may be missing, or point me to the answer, I've been at this on and off for a few days and many hours.
    on PFSence I have two networks
    1. Main 192.168.3.0 PFSence IP = 192.168.3.2
    2. Secondary 192.168.1.0 PFSence IP = 192.168.1.2

    I have a VM on network 192.168.1.0 that is connected to the Switch on a port with a different VLAN (VLAN 20)  this VLAN IP is 192.168.1.1

    I have created a static route from switch to PFSense IP 192.168.1.2 to be able to give access to network 192.168.1.0 access to the internet
    Using network 192.168.1.0 -> The VM can ping PFSence and the switch. PFSense can ping the VM,  the switch and an internet IP. The switch can ping internet, pfsense, and the VM.  But when I try to ping an internet IP from the VM I get this using PFSense packet capture: … ARP, Request who-has 8.8.8.8 tell 192.168.1.20 (my test VM), length 46

    LAN rules = 1st rule I'm allowing everything if it orignates from the LAN net
    2nd Net = 1st rule I'm allowing everything if it originates from 2nd Net
    Outbound NAT = I have 2 rules one for 192.168.3.0/24 and 192.168.1.0/24 I'm allowing everything and the NAT Adress is the WAN interface

    Thanks for the help!!
    Carlos

    0
  • LAYER 8 Netgate

    Draw a diagram. See below for the kind of information required.

    Looks like you have a couple different network segments on the same subnet which is almost never right but it's pretty hard to tell.

    0
  • LAYER 8 Global Moderator

    Yeah draw your network.  If you have a downstream router (layer 3 switch) where is your transit network?

    Why is your vm network the same as your 192.168.1/24 in pfsense if there is another router involved?

    0
  • C

    thanks for the responces, I'm attaching a drawing of my network. If my question is a dumb question, keep in mind I'm mostly a coder but because I'm the GM of a small software company, I am the defacto network administrator, even though it's not my strength.

    There is no real good reason to have the VM on network 192.168.1.0, but the test cloud infrastructure does need a seperate network with access to the internet.
    to the best of my knowled there is also no need to have the PFSense FW on the network 192.168.1.0. Originally the swith had a static route to ip 192.168.3.2, but when the cloud infrastructure did not have access to the internet I added the 2nd LAN to PFSense and VM to make easier to test and trace the traffic.

    Again thanks for the help!!
    Carlos


    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy