Router switch connection problem - Noobie



  • Hi
    I have installed OK and can access via GUI 
    Have set up as bridged

    I have
    DSl -> 4 port router static ip  77...193  -> pfsense wan 77...221
                        |                                                  lan  192.168.1.1  -> pc static 77...200 (via straight thru cable)
                          |
                      switch (via straight thru cable)
                        |
                    pc  static ip 77...214

    With this setup on console both LAN and WAN have * next to them - I can access GUI from PC (200) and can also access internet

    If I change to
    DSl -> 4 port router static ip  77...193  -> pfsense wan 77...221
                                                                            lan  192.168.1.1  -> switch (via straight thru cable) ->pc  static ip 77...200

    then on console reset LAN to 192.168.1.1 - no * appears next to LAN and neither GUI nor internet is available from PC through switch

    As you can probably tell I am a beginner at this
    On the switch the "input" connection can be either straight or crossover (and I have it set to straight)
    WAN interface is set to static.
    DHCP server is off

    I have been trying for a few hours (whilst researching forum) but cannot figure out what it is I am doing wrong (possibly several things!)
    I changed the LAN from 77...220 to 192.168.1.1 because of a post I read.

    If any expert has a moment to look at this and steer me in the right direction I would be most grateful.
    I hope I have posted enough info
    Thanks for your help
    Richard



  • With this setup on console both LAN and WAN have * next to them - I can access GUI from PC (200) and can also access internet

    I don't know the meaning of "*" next to the interfaces. I presume you are talking of the display immediately after logging in on the console or ssh.

    Regarding your new configuration:

    You need communication between LAN and switch and between switch and PC. Check the "Link Status" LED at both ends of the two cables. If the status is not "active" then you won't get anywhere. If one or both status indicators on each link don't show "active" then it's likely a cable fault (you have a broken cable or a straight through cable when you should have a crossover cable etc.) or a connector fault.

    Even if you have communication between PC and pfSense there is still a problem. The pfSense LAN interface (192.168.1.1) is on a different subnet from the PC (77...200) and there is no intervening router to enable them to communicate. Depending on the netmask you use on the pfSense LAN interface, your PC will need an address like 192.168.1.xxx if your LAN interface is going to stay as 192.168.1.1.

    In your first configuration you have a router (77...193) between the PC and the pfSense box.

    Without knowing a bit more about what you are trying to accomplish and what you have to work with it's a bit difficult to suggest a better configuration. (Has your ISP assigned you a range of static addresses, one of which is to be used in the router connected to the ISP? Are you wanting internet access to some systems on the LAN side of the pfSense box? What access restrictions do you want to apply? What services do you want visible from the internet? etc.)



  • Hi
    Yes * is on display after logging in to console.
    I will double check link status lights.
    I thought I had read that the PC LAN interface could not be on same subnet as WAN interface (but also as the LAN interface was bridged to get a transparent firewall that its address did not matter.)
    On first configuration I have PC (200) connected directly to the LAN interface on the pfSense PC

    I have a range of static ip addresses from isp
    one of these is assigned to the router.
    I want internet access to several static address PCs on the LAN side of the pfSense box (however I only want access from those internet addresses that the LAN side PCs have initiated contact with.)
    It is also necessary for the internet addresses contacted to see the communication as coming from the specific ip address of the lan side computer.
    I possibly made the diagram more complicated than necessary. In layout 1 it is possible to ignore the switch section so we get
    DSl -> 4 port router static ip  77...193  -> pfsense wan 77...221
                        |                                                  lan  192.168.1.1  -> pc static 77...200 (via straight thru cable)

    and then
    DSl -> 4 port router static ip  77...193  -> pfsense wan 77...221
                                                                            lan  192.168.1.1  -> switch (via straight thru cable) ->pc  static ip 77...200

    so essentially I am just inserting switch.

    I will try again 1) to check status lights and 2) to ensure that I am giving you correct information

    Thanks for taking the time to help me - if any other thoughts arise having read above would be obliged for your input

    Richard



  • Hi
    Also I have not changed default gateway on PC (200) from the router address (193)

    If I change it to (221) the pfsense address then I lose internet access

    Should the default gateway for lan side pc's be the wan address on pfsense or the ip address of the router?
    Thanks
    Richard



  • @richardb:

    Hi
    Also I have not changed default gateway on PC (200) from the router address (193)

    If I change it to (221) the pfsense address then I lose internet access

    Should the default gateway for lan side pc's be the wan address on pfsense or the ip address of the router?

    If you want the LAN side PCs to connect to the pfSense web GUI then their default gateway needs to know how to get to the pfSense LAN address. When a LAN side PC attempts to connect to the pfSense web GUI at 192.168.1.1 it will see the destination is in a different subnet so will send it to the gateway. Does the gateway know where to send it next? I suspect the router (193) doesn't.

    If the LAN side PCs run Windows, the commands ping and tracert can be helpful in investigating these sorts of problems. The equivalents on many Unix systems are ping and traceroute.

    As to what the default router should be I'll leave that to someone else because I don't have experience or knowledge of how bridge mode works.
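
The subnet and default-gateway reasoning in the replies above, as an added example that is not part of the original thread: it models ordinary IP forwarding (not pfSense bridge mode) for a PC and the upstream router. The thread's public addresses are elided, so 203.0.113.0/24 stands in for them; the /24 netmasks, the router's route table and the extra static route are assumptions.

```python
import ipaddress

def host_next_hop(iface_cidr, gateway, dest):
    """End-host forwarding decision: deliver on-link or hand to the default gateway."""
    iface = ipaddress.ip_interface(iface_cidr)
    dest_ip = ipaddress.ip_address(dest)
    if dest_ip in iface.network:
        return ("on-link", str(dest_ip))
    # A gateway is only usable if it sits on the host's own subnet.
    if gateway is None or ipaddress.ip_address(gateway) not in iface.network:
        return ("unreachable", None)
    return ("gateway", gateway)

def route_lookup(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs, as a router does."""
    dest_ip = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if dest_ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing: 203.0.113.x replaces the elided 77...x addresses.
PC_PUBLIC = "203.0.113.200/24"    # PC (200), netmask assumed
ROUTER = "203.0.113.193"          # 4 port router (193)
PFSENSE_WAN = "203.0.113.221"     # pfSense WAN (221)
PFSENSE_LAN = "192.168.1.1"       # pfSense LAN, from the thread

# Assumed router table: its own subnet plus a default route to the ISP.
ROUTER_ROUTES = [("203.0.113.0/24", "connected"), ("0.0.0.0/0", "isp-uplink")]
# Hypothetical variant with a static route towards the pfSense LAN subnet.
ROUTER_ROUTES_STATIC = ROUTER_ROUTES + [("192.168.1.0/24", PFSENSE_WAN)]

def trace_to_pfsense_lan(pc_iface, gateway, router_routes):
    """Follow a packet from the PC towards the pfSense LAN address."""
    kind, _hop = host_next_hop(pc_iface, gateway, PFSENSE_LAN)
    if kind != "gateway":
        return kind
    return "gateway -> " + str(route_lookup(router_routes, PFSENSE_LAN))

if __name__ == "__main__":
    print(trace_to_pfsense_lan(PC_PUBLIC, ROUTER, ROUTER_ROUTES))
    print(trace_to_pfsense_lan(PC_PUBLIC, ROUTER, ROUTER_ROUTES_STATIC))
    print(trace_to_pfsense_lan("192.168.1.50/24", None, ROUTER_ROUTES))
```

With the assumed table the router sends traffic for 192.168.1.1 to its ISP uplink, which matches the suspicion in the last reply; a PC re-addressed into 192.168.1.0/24 reaches the LAN address on-link without any gateway.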

