Connecting 2 sites
-
Guys,
I would like to let Pfsense act asif its the internet. I got 2 test sites in my virtual environment(Vmware workstation pro). My fist site has a calss-a network ip, my second site has a class-c ip. I created in both sites a Vpnserver with 2 networkcards. I would like both vpn servers to connect to each other through the Pfsense. At least, i think i need to do that to simulate internet. Anyone who knows if a decent tutorial exists about how to configure pfsense to connect 2 networks?
Many thanks for a reply.
-
Ok, am still stuck. I got 3 interfaces, LAN, Opt1, WAN. Wan is connected to my ISP through NAT, Opt1 and Lan are conencted to my virtual servers. The Opt1 doesnt work, i cant ping from my virual server in the same segment to the ipaddres i created for the Opt1 interface. Internet traffice doesnt work.
Anyone who can help? It should look like the picture in the attachment.
-
You need to add a filter rule to OPT1 to allow access from that network. Firewall > Rules
On LAN there is set an allow any to any rule by default. You may copy this by hitting the icon at the right, edit the copy and change the interface to OPT1. -
Many thanks for the reply. I never did something like that and google isnt that helpful today. is it possible for you to explain how to do this?
-
I think, I had already explained that.
It's just as simple. Go to Firewall > Rules, select the LAN tab. It should looks like the picture below.
The second rule is the IPv4 default rule, the last that one for IPv6. At the right of each you can find a copy button. Hit this, then you get a copy underneath, open this by hitting the Edit button, go to Interface and select your OPT1 from the dropdown. Save the settings by click at the save button at the bottom.
Do the same with the IPv6 rule.
-
First of all, let me apologize for the time it took to reply. We had some problems here. Becauseof that, i havent had the time to play with pfsense.
About adding the rules, is it possible to do that through the commandline and not through the gui?
-
Possible, perhaps by editing the config file, but no there isn't a CLI that can do that.
-
strangest thing is, to get things working in OPT1 , i had to change the source from LAN NET into *
-
lan net would never be a source of traffic on opt1 net, should change it to opt1 net vs lan net, all interfaces will have a built in alias of their address and their network. To use for source and destinations, etc.
-
@johnpoz many thanks for replying. When copying the default firewallrules for opts1(from lan) i do get the lannet by default
and without changing the lannet into *, the routing doesnt work
-
well yeah its simple copy there is no magic saying oh your copy me from lan net to opt net need to change the source..
Correct yourself. Change it to optX net or whatever you rename that opt net to be... I always change mine to something that makes sense to me. wlan net, dmz net, dtv net, etc.
