Trying to get internet on a new interface other than LAN, getting close



  • I have an interface named STORE, its IP is 10.1.0.0/27. I have internet on that network interface. I have a downstream network CRIT 10.1.0.96/27. CRIT is connected to STOR through switching; CRIT routes to STORE and I can access resources between CRIT and STORE. I need internet on CRIT.

    On the pfsense firewall logs I am seeing a lot of blocks on the STORE interface FROM 8.8.4.4 to an address on the CRIT network 10.1.0.99. I think it's because the pfsense doesn't know that I have this downstream network behind STORE. On my switch CRIT is a VLAN. I think I need to tell pfsense this is a good network. How do I tell pfsense this is a good network?

    **Edit confirming I don't think pfSense knows how to get to 10.1.0.97 - the switch address on the 10.1.0.96/27 network.

    ** EDIT SOLVED! I just needed to type it out. I needed to add a route in pfSense > on the STOR network I create a gateway to the upstream switch 10.1.0.1. 10.1.0.1 knows how to get to 10.1.0.96/27 so we're all good. It's a pretty specific solution but maybe it will turn on a light for someone.


  • LAYER 8 Global Moderator

    " its IP is 10.1.0.0/27"

    that is not a valid IP… That is a network address.

    .1 to .30 would be valid interface addresses.. .0 is the wire/network while .31 would be the broadcast.

    If you want to use 10.1.0.0/27 as your transit network that is fine but pfsense interface should be .1 while your downstream would be .2 -- using .0 as host address is not a good idea..

    /27 is a pretty large transit - do you have lots of routers on this network?  Or hosts?  With hosts you're going to run into asymmetrical routing problems unless all of them have host routes to use the downstream router IP as gateway to get to those networks behind it, etc.


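Added example (not part of the thread and not pfSense code): a Python sketch of the two points discussed above, the check that an interface address is not the network or broadcast address of its subnet, and a longest-prefix route lookup that only finds 10.1.0.96/27 once a static route via 10.1.0.1 exists. The pfSense STORE address 10.1.0.2 is an assumption; the thread does not give it.

```python
import ipaddress

# Constructed sample values; 10.1.0.2 for pfSense on STORE is an assumption.
CONNECTED = {"STORE": "10.1.0.2/27"}
STATIC_ROUTES = [("10.1.0.96/27", "10.1.0.1")]  # CRIT via the upstream switch


def check_interface(cidr):
    """Return a problem string if cidr is unusable as a host address, else None."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if net.prefixlen < 31:  # /31 and /32 have no reserved addresses
        if iface.ip == net.network_address:
            return f"{iface.ip} is the network address of {net}"
        if iface.ip == net.broadcast_address:
            return f"{iface.ip} is the broadcast address of {net}"
    return None


def lookup(dst, connected, static_routes):
    """Longest-prefix match over connected networks and static routes.

    Returns (interface, next_hop); next_hop is None for on-link destinations.
    Returns None when no specific route matches, i.e. only the default
    route would apply and the firewall does not know the network.
    """
    dst = ipaddress.ip_address(dst)
    nets = {n: ipaddress.ip_interface(c).network for n, c in connected.items()}
    candidates = []
    for name, net in nets.items():
        if dst in net:
            candidates.append((net.prefixlen, name, None))
    for network, gateway in static_routes:
        net = ipaddress.ip_network(network)
        gw = ipaddress.ip_address(gateway)
        if dst not in net:
            continue
        # A static route is only usable if its gateway is on-link.
        for name, local in nets.items():
            if gw in local:
                candidates.append((net.prefixlen, name, str(gw)))
    if not candidates:
        return None
    _, name, hop = max(candidates, key=lambda c: c[0])
    return name, hop


if __name__ == "__main__":
    print(check_interface("10.1.0.0/27"))
    print(lookup("10.1.0.99", CONNECTED, []))             # before the fix
    print(lookup("10.1.0.99", CONNECTED, STATIC_ROUTES))  # after the fix
```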