Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing From Layer 3 Switch To PFSence Not Forwarding to Internet Gateway

    Scheduled Pinned Locked Moved Routing and Multi WAN
    4 Posts 3 Posters 776 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cruzmiester
      last edited by

      I would really appreciate if someone can suggest what I may be missing, or point me to the answer, I've been at this on and off for a few days and many hours.
      on PFSence I have two networks
      1. Main 192.168.3.0 PFSence IP = 192.168.3.2
      2. Secondary 192.168.1.0 PFSence IP = 192.168.1.2

      I have a VM on network 192.168.1.0 that is connected to the Switch on a port with a different VLAN (VLAN 20)  this VLAN IP is 192.168.1.1

      I have created a static route from switch to PFSense IP 192.168.1.2 to be able to give access to network 192.168.1.0 access to the internet
      Using network 192.168.1.0 -> The VM can ping PFSence and the switch. PFSense can ping the VM,  the switch and an internet IP. The switch can ping internet, pfsense, and the VM.  But when I try to ping an internet IP from the VM I get this using PFSense packet capture: … ARP, Request who-has 8.8.8.8 tell 192.168.1.20 (my test VM), length 46

      LAN rules = 1st rule I'm allowing everything if it orignates from the LAN net
      2nd Net = 1st rule I'm allowing everything if it originates from 2nd Net
      Outbound NAT = I have 2 rules one for 192.168.3.0/24 and 192.168.1.0/24 I'm allowing everything and the NAT Adress is the WAN interface

      Thanks for the help!!
      Carlos

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Draw a diagram. See below for the kind of information required.

        Looks like you have a couple different network segments on the same subnet which is almost never right but it's pretty hard to tell.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          Yeah draw your network.  If you have a downstream router (layer 3 switch) where is your transit network?

          Why is your vm network the same as your 192.168.1/24 in pfsense if there is another router involved?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • C
            cruzmiester
            last edited by

            thanks for the responces, I'm attaching a drawing of my network. If my question is a dumb question, keep in mind I'm mostly a coder but because I'm the GM of a small software company, I am the defacto network administrator, even though it's not my strength.

            There is no real good reason to have the VM on network 192.168.1.0, but the test cloud infrastructure does need a seperate network with access to the internet.
            to the best of my knowled there is also no need to have the PFSense FW on the network 192.168.1.0. Originally the swith had a static route to ip 192.168.3.2, but when the cloud infrastructure did not have access to the internet I added the 2nd LAN to PFSense and VM to make easier to test and trace the traffic.

            Again thanks for the help!!
            Carlos

            network_design.png
            network_design.png_thumb

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.