Problem to navigate with PFSENSE from a different LAN than the PFSENSE is.
-
Hi everyone,
I've just installed PFSENSE on my LAN - about 40 PCs divided into 4 LANs - on an old PC for the first time
using two network cards, one WAN and the other INTERNAL.I'll call the LAN like this : the first - Star center network(10.160.99.X), the second (10.160.2.X), the third (10.160.3.X)…
In the first LAN, (10.160.99.X), and in the secon LAN (10.160.2.0) where the PFSENSE is installed and most clients all work correctly.
The problem arises from the other LANs, which are connected to the one where the PFSENSE is installed through many HOPs.
I realized, in fact, that Pfsense has no problems if I use it from a network where the connection is direct.
Here is a PC trace (10.160.2.3) from a LAN which PFSENSE works well.
C: > tracert 10.160.99.36 (PFSENSE IP address)
Trace route to 10.160.99.36 on up to 30 waypoints
1 4 ms 1 ms 1 ms 10.160.2.201
2 <1 ms <1 ms <1 ms 10.160.99.36
While from this other PC (10.160.3.1) does not work, here is the track:
C: > tracert 10.160.99.36
Trace route to 10.160.99.36 on up to 30 waypoints
1 1 ms 1 ms 1 ms 10.160.3.201
2 3 ms 2 ms 2 ms 10.10.0.10
3 5 ms 4 ms 4 ms 10.10.0.2
4 7 ms 5 ms 4 ms 10.10.0.1
5 4 ms 3 ms 3 ms 10.160.99.36
As you can see between the LAN router / switch (10.160.3.X) and the PFSENSE there are many network points
in the middle, and I think it is precisely these that inhibit its operation.Also from the 10.160.3.X network I can not even access the webgui configuration page ...
I also saw between the LOG and the request arrives on the PFSENSE from the PC(10.160.3.2) and Status Log
show as a rule PASS, but i can't navigate.Further data: I'm configuring the PC with the Internet Explorer proxy to navigate to
address of the PFSENSE, this to say that as a Gateway I am not using the pfsense.You can tell me how to configure the PFSENSE to allow us to surf the networks
that pass through these HOPS?Suggestions or ideas to discuss are also fine.
Thank you so much.
-
Look at pfSense (10.160.99.36) routing configuration. It seems, it does not know the right route to the network 10.160.3.X .
-
I have not configured the routing page and it does not appear more than the default situation. :-\
This is what I would like to know, if it should be a question of routing, how to set the right configuration for the network where I work.
I'm not a network expert, but the pfsense works well and I only need this part to finish the first test.
Advice and suggestions of any kind are welcome; I hope the network structure where I work is clear
-
System / Routing: Gateways - add the gateway to 10.160.3.X (10.10.0.2? 10.10.0.10?)
System / Routing: Static Routes - add route to 10.160.3.X over just added gateway.
I hope the network structure where I work is clear
in fact, not. (no pf interfaces, not all important ip addresses, no gateways,..)
-
I try to write everything I know :
PFSENSE INTERFACES LAN : 10.160.99.36
PFSENSE INTERFACES WAN : 10.168.12.10 Public WAn
LAN 1 - CENTER STAR -
10.160.99.X
GATEWAY MASTER \ INTERNET : 10.160.99.201 (from which every computer of the other LAN passes to go out on the internet)
LAN 2 (from which the pfsense works)
10.160.2.X
GATEWAY : 10.160.2.201
LAN 3 (from which the pfsense doesn't work)
10.160.3.X
GATEWAY : 10.160.3.201
LAN 4 (from which the pfsense doesn't work)
10.160.4.X
GATEWAY : 10.160.4.201I hope nothing is missing if I have to add more to clarify the situation I remain available
-
From your the data you wrote, it is not clear, e.g. how the networks 10.160.99.X and 10.160.3.X should be routed.
Did you try:
System / Routing: Gateways - add the gateway to 10.160.3.X (10.10.0.2? 10.10.0.10?)
System / Routing: Static Routes - add route to 10.160.3.X over just added gateway.
?
If not, what shows "tracert 10.160.3.1" on 10.160.99.36 ?
-
I do not know the terminology of the networks well, I try to explain it in simple words.
From the 10.160.3.X, 10.160.4.X and 10.160.5.X networks, I always have to pass to the LAN 10.160.99.X through the gateway 10.160.99.201 and then exit on the internet.
In other words on every pc of those networks (e.g. 10.160.3.1) has the proxy on the internet explorer browser set with 10.160.99.36: 8080 (PFSENSE)> the http request goes through the gateway of that LAN (10.160.3.201)> then pass through the HOPS to which I can not access and that i think that are the problem > and arrives in the network where the PFSENSE is installed, on the main gateway 10.160.99.201.
I forgot to tell you the purpose of this installation: PFSENSE I'm installing it only for a reason of user browsing LOG.
I hope I explained well and you understood how the ride is.
P.S.
if i add a gateway 10.160.3.1
pfsense returns an error :
•The gateway address 10.160.3.201 does not lie within one of the chosen interface's subnets.
Thank you!
-
If you are building such solutions you should understand, how the packages should go from one network to another on IP level independent of terminology.
So, how should packages go from the network 10.160.99.X to the network 10.160.3.X ? What intermediate routers should they go through? What is IP address of the nearest router, which knows about the network 10.160.3.X ?
what shows "tracert 10.160.3.1" on 10.160.99.36 ?
-
From 10.160.99.36 i get this route.
10.160.99.36
1 1 ms 1 ms 1 ms 10.160.99.201
2 1 ms 2 ms 1 ms 10.10.0.2
3 5 ms 4 ms 8 ms 10.10.0.9
4 4 ms 4 ms 4 ms 10.160.3.1is this what you wanted to know?
Sorry if I reply late and incomplete,
but I am a neophyte and I can not always be in front of the PFSENSE.Tank you for the support!
-
the routing seems to be o.k. Strange. Are you sure, that tcp packets did come to port 80 of the firewall and the firewall answered (you can see the answers e.g. in wireshark)?