  • I have an interface named STORE, its IP is I have internet on that network interface. I have a downstream network CRIT CRIT is connected to STOR through switching; CRIT routes to STORE and I can access resources between CRIT and STORE. I need internet on CRIT.

    On the pfSense firewall logs I am seeing a lot of blocks on the STORE interface FROM to an address on the CRIT network I think it's because pfSense doesn't know that I have this downstream network behind STORE. On my switch CRIT is a VLAN. I think I need to tell pfSense this is a good network. How do I tell pfSense this is a good network?

    **Edit confirming I don't think pfSense knows how to get to - the switch address on the network.

    ** EDIT SOLVED! I just needed to type it out. I needed to add a route in pfSense > on the STOR network I create a gateway to the upstream switch knows how to get to so we're all good. It's a pretty specific solution but maybe it will turn on a light for someone.

  • LAYER 8 Global Moderator

    " its IP is"

    that is not a valid IP… That is a network address.

    .1 to .30 would be valid interface addresses.. .0 is the wire/network while .31 would be the broadcast.

    If you want to use as your transit network that is fine but the pfSense interface should be .1 while your downstream would be .2 -- using .0 as host address is not a good idea..

    /27 is a pretty large transit - do you have lots of routers on this network? Or hosts? With hosts you're going to run into asymmetrical routing problems unless all of them have host routes to to use the downstream router IP as gateway to get to those networks behind it, etc.
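
The checks discussed in this thread (a usable interface address on the /27, a static route on the firewall for the downstream network, and host routes on any hosts sharing the transit), as an added example that is not from either poster. The function name `audit_transit` and all addresses are assumptions: the addresses are constructed from RFC 5737 documentation ranges, not the ones in the original post.

```python
import ipaddress

def audit_transit(iface_cidr, static_routes, downstream, transit_hosts=None):
    """Audit a transit-interface plan; returns a list of (code, detail) findings."""
    findings = []
    iface = ipaddress.ip_interface(iface_cidr)
    net = iface.network
    # .0 (wire) and the last address (broadcast) are not host addresses.
    reserved = {net.network_address, net.broadcast_address} if net.prefixlen < 31 else set()
    if iface.ip in reserved:
        usable = list(net.hosts())
        findings.append(("BAD_IFACE_ADDR",
                         f"{iface.ip} is reserved in {net}; use {usable[0]}-{usable[-1]}"))

    routes = {str(ipaddress.ip_network(k)): v for k, v in static_routes.items()}
    targets = [ipaddress.ip_network(d) for d in downstream]
    # Each downstream network needs a static route via a router on the transit.
    for ds in targets:
        gw = routes.get(str(ds))
        if gw is None:
            findings.append(("NO_ROUTE", f"firewall has no static route for {ds}"))
            continue
        gw = ipaddress.ip_address(gw)
        if gw not in net or gw in reserved or gw == iface.ip:
            findings.append(("BAD_GATEWAY", f"{gw} is not a usable next hop on {net}"))

    # A transit host without its own route to a downstream network replies via
    # its default gateway (the firewall), which never saw the request: the
    # asymmetric path shows up as blocked, out-of-state traffic.
    for host, host_routes in (transit_hosts or {}).items():
        known = {str(ipaddress.ip_network(r)) for r in host_routes}
        for ds in targets:
            if str(ds) not in known:
                findings.append(("ASYMMETRIC", f"{host} lacks a host route to {ds}"))
    return findings

# Constructed plans using RFC 5737 documentation ranges (not the poster's addresses).
BROKEN = audit_transit("192.0.2.0/27", {}, ["198.51.100.0/24"], {"192.0.2.10": []})
FIXED = audit_transit("192.0.2.1/27", {"198.51.100.0/24": "192.0.2.2"},
                      ["198.51.100.0/24"], {"192.0.2.10": ["198.51.100.0/24"]})

if __name__ == "__main__":
    for label, result in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, result or "no findings")
```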

