Newbie needs help routing from primary LAN subnet to second internal subnet
I am new to pfSense and anything other than simple network topographies and I'm having newbie problems routing to a separate internal subnet. My SG-4860 is using a vanilla setup using the LAN Interface 192.168.1.1. The 4860 is providing DHCP for the range of 192.168.100-200 and I have some manual static addresses allocated within the range 192.168.1.201-254. My 4860 does not have the WIFI option and I instead have a standalone Netgear R7000 wireless router which was previously used in Wireless Access Point only mode. Machines connecting wirelessly were also given a 192.168 DHCP lease, everything could connect to all other machines, and life was good.
Then starting with a recent firmware update, Netgear unexpectedly removed the ability to filter / limit connections via MAC address in WAP mode, claiming the fact that MAC filtering in WAP mode ever worked was a "mistake" and would not be restored in any future updates. To preserve the ability to limit wireless connections to approved MACs, I had to change the R7000 to router mode. The R7000 then created a separate 10.0.0.x subnet with the R7000 as the gateway of that subnet at 10.0.0.1, an Internet gateway of 192.168.1.1, and a 192.168.1.253 address on my existing LAN.
As things stand, machines connecting by wireless and getting 10.0.0.x addresses have no problems hitting the network or accessing any machines on my primary 192.168.1.x LAN subnet by IP address.
But I cannot get machines on my 192.168.1.x primary LAN subnet to see or route to any of the IP addresses on the bridged subnet's 10.0.0.x subnet. I can't even access the R7000's admin GUI either by its 192.168.1.253 primary subnet address or by its 10.0.x address.
I'm assuming I need to define a static route within the 4860 to define routing to the 10.0.x subnet using the R7000's 192.168.1.253 address as the gateway to that subnet. Through the pfSense GUI at "System | Routing | Gateways", I added a new "Gateway_to_Wireless_Subnet" gateway at 192.168.1.253. Then at "System | Routing | Static Routes" I added a route to Destination Network "10.0.0.1" specifying gateway: "Gateway_to_Wireless_Subnet". (I first tried to enter a destination network of "10.0.0.1/253" but that string fails the edits for a destination network value.)
That still didn't work, so I hoped the firewall was the remaining issue. I wasn't sure what the proper firewall rule would be, so I tried going to "System | Advanced | Firewall and NAT" and checked "Static route filtering"'s "Bypass firewall rules for traffic on the same interface". No joy. I still can't ping the R7000 at 10.0.0.1. So I'm out of ideas and could use some suggestions as to:
How to make this work plus how to create an appropriate firewall rule that provides the minimum safe access capabilities between the 192.168.1.x and 10.0.0.x subnets.
How to add a limited DNS lookup so the machines on the 10.0.x wireless subnet can find devices on the primary subnet by machine name instead of requiring hard-coded IP addresses or HOSTS table entries without replacing the 4860's specified DNS servers (it's using the Google DNS servers for primary and secondary).
Thanks in advance for any help that is offered.
-Bob
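An added sanity check (example code, not from the post or from pfSense) that models the static-route definition Bob describes with Python's ipaddress module: it shows why "10.0.0.1/253" is rejected, that a bare "10.0.0.1" destination covers only that single host rather than the 10.0.0.x subnet, and confirms the gateway 192.168.1.253 is on-link for the LAN. The /24 mask on the 192.168.1.1 LAN interface is an assumption; the post does not state it.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed from the post: the SG-4860's LAN interface (mask assumed /24)
# and the R7000's address on that LAN, used as the route's gateway.
LAN_INTERFACES = {"LAN": ip_interface("192.168.1.1/24")}
WIRELESS_GATEWAY = "192.168.1.253"


def parse_destination(text):
    """Return an ip_network for a static-route destination, or None when the
    string is not a valid network: impossible prefix length ('10.0.0.1/253')
    or host bits set under the mask ('10.0.0.1/24'). A bare address parses
    as a /32, i.e. a route for one host only."""
    try:
        return ip_network(text, strict=True)
    except ValueError:  # NetmaskValueError/AddressValueError both subclass it
        return None


def gateway_interface(gateway, interfaces):
    """Name of the interface whose subnet directly contains the gateway.
    A static route is only installable when its gateway is on-link."""
    gw = ip_address(gateway)
    for name, iface in interfaces.items():
        if gw in iface.network:
            return name
    return None


def check_static_route(destination, gateway, interfaces):
    """Return (ok, reason) for a proposed destination/gateway pair."""
    net = parse_destination(destination)
    if net is None:
        return False, f"destination {destination!r} is not a valid network"
    iface = gateway_interface(gateway, interfaces)
    if iface is None:
        return False, f"gateway {gateway} is not on any attached subnet"
    if ip_address(gateway) in net:
        return False, "gateway lies inside the destination network"
    return True, f"{net} via {gateway} on {iface}"


def route_covers(destination, hosts):
    """Hosts that would actually be forwarded via the given destination."""
    net = parse_destination(destination)
    return [h for h in hosts if net is not None and ip_address(h) in net]
```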