Cross subnet access problem
-
Hello all,
Apologies for what is probably (and hopefully) a beginner's question about pfSense.
I have a problem accessing another subnet (e.g. 172.16.0.0) when I am in the other subnet (e.g. 10.0.0.0). I have tried almost everything, opening up firewalls and clicking options on and off, and finally just thought I would post on the forum in the hope that someone can help me.
The weird thing is that, regardless of which subnet I am connected to, I can always get to the pfSense webgui (i.e. on 172.16.0.1 when I am on 10.0.0.0, and vice versa works!).
I have attached the following:
- Network map
- Hypervisor (Proxmox) NIC setup
- pfSense NICs
- pfSense LAN and OPT1 settings
- pfSense reserved networks unchecked
Additional information is that I have 6 NICs, two built into the motherboard and then 4 on a separate PCI Express Intel card. pfSense is virtualized on Proxmox and that is how I have these Virtio NICs.
My problems:
- I cannot connect from one subnet to the other
- Within subnet 10.0.0.0, the Proxmox interface is not available on 10.0.0.3, however it is available when I am in subnet 172.16.0.0 (the TP-Link in bridge mode) - very weird
I am really grateful for your help!!
![reserved networks.JPG](/public/imported_attachments/1/reserved networks.JPG)
![network map.JPG](/public/imported_attachments/1/network map.JPG)
![Proxmox network setup.JPG](/public/imported_attachments/1/Proxmox network setup.JPG)
-
We will need a network map to offer any targeted troubleshooting, but I suspect you have a networking issue.
What you should have is each NIC connected to a separate vSwitch and then physically connected to either separate unmanaged switches or to a managed switch configured with VLANs.
If you have your NICs connected to the same switch (either physically or virtually), it's not going to work.
-
Hi Marvosa,
Thank you very much for helping out, I added a network map - please let me know if this makes sense now or if you need more information.
-
I actually solved it!
I did plenty of steps, but in the end it worked out. I have ordered them by relevance to this topic:
- Added a static route on my TP-Link Archer C7; for others: http://forum.tp-link.com/showthread.php?79872-Can-t-ping-access-TL-WDR4300-from-other-subnet
- Changed the Proxmox bridges to be Intel E1000 instead of Virtio
- Changed the start-up order of the pfSense VM
- Passed the CPU as host to the pfSense VM
Now I will start playing around with the Firewalls :)
-