Pretty simple setup but I am a retard

  • I have two networks here.
    10.0.2.x AND 10.0.10.x

    The 2.x network contains my DC/DNS and what not; I need the 10.x network to be able to access DNS information on this box.

    I have 3 NICs in my pfSense box; I would like to set up both of these networks to see each other and also have both have access to the internet.

    I have been attempting to figure it out myself but cannot seem to get it going.

  • Set one as WAN (obviously your internet), one as LAN (not your servers) and one as OPT1 (your servers).

  • I have successfully got my internet working on 2.x and can also ping the 10.x network from 2.x; still working on pinging from 10.x back to 2.x.

  • Maybe you're forgetting that pfSense is a firewall by nature. :) That means its default behavior is to block traffic if there's no rule to pass it. If you want to use the firewall the way you have it now, you must write a few firewall rules to allow all traffic between your two local networks. On the other hand, if you're not actually going to be firewalling between the two networks with pfSense – in other words, you don't want two networks, but really want one big network – you'd be better off doing this downstream of the pfSense altogether. Otherwise, pfSense is just an unnecessary bottleneck providing one simple route. You can achieve network cohesion by layer-3 switching (core switch) or VLAN'ing (which can actually be accomplished on pfSense).
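    The default-deny and first-match behaviour described in the reply above, modelled in a few lines of Python. This is an added illustration, not code from the thread or from pfSense: the rule evaluator, the interface names ("lan"/"opt1"), the DC address 10.0.2.10 and the client address 10.0.10.20 are all constructed for the example. It shows three rule sets: the out-of-the-box state (a "LAN net to any" pass rule on LAN only, nothing on OPT1, so everything entering OPT1 is dropped), the "allow everything from OPT1" fix the reply suggests, and, going one step beyond the reply, a tighter set that lets the 10.x network reach only DNS on the DC while still getting out to the internet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    iface: str                   # interface the packet ENTERS on; pfSense rule tabs are per ingress interface
    action: str                  # "pass" or "block"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule only applies to packets arriving on its interface."""
    if rule.iface != pkt.iface:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst))


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins (pfSense rules are 'quick' in pf terms).
    No match at all means the implicit default deny: the packet is blocked.
    Note the model is stateless; real pf creates a state entry on 'pass', so the
    reply to a LAN-initiated ping gets back in through OPT1 without any OPT1 rule,
    which is exactly why 2.x can ping 10.x while 10.x cannot start a ping to 2.x."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"


# Constructed addresses for the example
DC = "10.0.2.10/32"        # the DC/DNS box on the 2.x network
LAN_NET = "10.0.2.0/24"
OPT1_NET = "10.0.10.0/24"
ANY = "0.0.0.0/0"

# 1) Fresh install: pfSense adds a pass rule on LAN only, OPT1 has no rules at all.
INITIAL: List[Rule] = [Rule("lan", "pass", "any", LAN_NET, ANY)]

# 2) The fix from the reply: let everything from OPT1 go anywhere.
ALLOW_ALL: List[Rule] = INITIAL + [Rule("opt1", "pass", "any", OPT1_NET, ANY)]

# 3) Tighter alternative: only DNS may cross into the server network; anything else
#    aimed at 10.0.2.x is dropped; everything else (internet) passes.
#    Ordering matters: the block must sit above the catch-all pass.
LEAST_PRIV: List[Rule] = INITIAL + [
    Rule("opt1", "pass", "udp", OPT1_NET, DC, 53),
    Rule("opt1", "pass", "tcp", OPT1_NET, DC, 53),
    Rule("opt1", "block", "any", OPT1_NET, LAN_NET),
    Rule("opt1", "pass", "any", OPT1_NET, ANY),
]

# Constructed sample traffic
DNS_QUERY = Packet("opt1", "udp", "10.0.10.20", "10.0.2.10", 53)
SMB_TO_DC = Packet("opt1", "tcp", "10.0.10.20", "10.0.2.10", 445)
WEB_OUT = Packet("opt1", "tcp", "10.0.10.20", "203.0.113.5", 443)
PING_FROM_LAN = Packet("lan", "icmp", "10.0.2.50", "10.0.10.20")

SAMPLES = {"dns_query": DNS_QUERY, "smb_to_dc": SMB_TO_DC,
           "web_out": WEB_OUT, "ping_from_lan": PING_FROM_LAN}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    """Verdict for each sample packet under the given rule set."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("initial", INITIAL), ("allow_all", ALLOW_ALL),
                         ("least_priv", LEAST_PRIV)):
        print(label, decisions(rules))
```

    Under INITIAL the DNS query from 10.0.10.20 is blocked while the LAN-side ping passes, which matches the symptom in the thread; under ALLOW_ALL everything from OPT1 passes; under LEAST_PRIV the DNS query and the outbound web connection pass but SMB to the DC is dropped. In the pfSense GUI the same thing is expressed on the Firewall > Rules > OPT1 tab, where rules are likewise evaluated top to bottom on the interface the traffic enters.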

  • Bingo; I discovered the firewall was blocking traffic flow; all is well.

    I am interested in VLAN'ing as I believe that is the correct way to do this, but I am sort of confused how to make it work that way.

  • Well, VLAN'ing is essentially tagging all packets with VLAN information at the concentrator (in this case pfSense). So, it can reduce compatibility, especially with "dumb" network devices like PDAs, printers, legacy OSes, older routers/switches, certain content filters which act as a bridge, etc. It also adds a touch of complexity to the network as a whole, so if you're a novice at networking you might want to consider a few different scenarios. For instance, if you already have switching that will do layer 3, that would be preferable in terms of simplicity. Then the switch would provide routes to each network and to pfSense, and the pfSense would just have to worry about firewalling.

    You'll get a lot more throughput switch to switch than through pfSense… unless you threw some monster hardware at it, that is. pfSense uses the PF firewall from OpenBSD, which is really anything but lightweight. It has a lot of sweet features, but they come at the cost of relatively high overhead compared to other packet filters.
