SOLVED - Routing of subnets - I'm completely lost



  • I have been trying to get routing between subnets to work but failed. From all I read this should "just work".

    It doesn't work here and I'm not even sure whether this is a pfSense problem.

    My setup is this: I have interfaces WAN (igb1), LAN (igb0 with VLAN 2, network 172.27.2.0/24), GST (igb0 with VLAN 3, network 172.27.3.0/24). pfSense is default gateway with addresses 172.27.2.1 and 172.27.3.1 in these networks. From both networks I have internet access working just fine.

    I'm trying to access a host ("server", 172.27.2.36) in LAN from hosts ("clients", one Mac, one iPhone) connected to GST. I'm not sure whether this traffic even hits my pfSense at all:

    • I checked the firewall log: No entries with target 172.27.2.36. All blocking rules do log, and I added firewall rules to allow this traffic because I block by default.

    • Also I did a packet capture on pfSense with the target IP address 172.27.2.36: No entries.

    From this it seems no frames from the clients arrive at my pfSense at all.

    My clients are assigned IP addresses by the DHCP server on the pfSense. Subnet masks are 255.255.255.0, so within a 172.27.3.0/24 network any address in 172.27.2.0/24 should be routed to the default gateway.

    Is there anything I have missed to check whether the client's traffic even arrives at my pfSense?

    Any other advice on how to proceed from here?


  • Netgate

    @-flo-:

    I have been trying to get routing between subnets to work but failed. From all I read this should "just work".

    It doesn't work here and I'm not even sure whether this is a pfSense problem.

    My setup is this: I have interfaces WAN (igb1), LAN (igb0 with VLAN 2, network 172.27.2.0/24), GST (igb0 with VLAN 3, network 172.27.3.0/24). pfSense is default gateway with addresses 172.27.2.1 and 172.27.3.1 in these networks. From both networks I have internet access working just fine.

    I'm trying to access a host ("server", 172.27.2.36) in LAN from hosts ("clients", one Mac, one iPhone) connected to GST. I'm not sure whether this traffic even hits my pfSense at all:

    • I checked the firewall log: No entries with target 172.27.2.36. All blocking rules do log, and I added firewall rules to allow this traffic because I block by default.
    • Also I did a packet capture on pfSense with the target IP address 172.27.2.36: No entries.

    What interface did you capture on? Start on GST, then if the traffic is there, capture on LAN. If the traffic exits but there is no response, check the settings on that target host. Having a software firewall (think Windows firewall) on that host is a common mistake. They often block connections from anything other than their local subnet.
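The capture order in the reply (GST first, then LAN, then look for the server's answer) and the client-side routing rule from the question can be written down as a small triage script. This is an added example, not code from the thread or from pfSense; the client address 172.27.3.50, the port numbers and the tcpdump-style lines are constructed sample data.

```python
import ipaddress
import re

# Constructed sample, not from the thread: a GST client (172.27.3.50) opens a
# connection to the LAN server (172.27.2.36). Lines mimic tcpdump output from
# the pfSense packet capture on each VLAN interface; an empty list means the
# capture on that interface showed nothing.
SAMPLE_CAPTURES = {
    "GST": ["12:00:00.000001 IP 172.27.3.50.51234 > 172.27.2.36.443: Flags [S], length 0"],
    "LAN": ["12:00:00.000120 IP 172.27.3.50.51234 > 172.27.2.36.443: Flags [S], length 0"],
}
FLOW_RE = re.compile(r"IP (\S+?)\.(\d+) > (\S+?)\.(\d+):")


def next_hop(src_ip, dst_ip, gateway, mask="255.255.255.0"):
    """Client-side routing decision: on-link destinations are reached directly,
    anything outside the client's subnet is sent to the default gateway (pfSense)."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{mask}").network
    return "direct" if ipaddress.ip_address(dst_ip) in local_net else gateway


def flows(lines):
    """Reduce capture lines to the set of (src, dst) address pairs seen."""
    pairs = set()
    for line in lines:
        m = FLOW_RE.search(line)
        if m:
            pairs.add((m.group(1), m.group(3)))
    return pairs


def triage(captures, client, server):
    """Apply the reply's capture order: GST first, then LAN, then look for the
    server's answer. Returns which side to look at next."""
    gst = flows(captures.get("GST", []))
    lan = flows(captures.get("LAN", []))
    if (client, server) not in gst:
        return "client"    # nothing arrives on GST: client side (route, ARP, cached DNS answer)
    if (client, server) not in lan:
        return "pfsense"   # arrived on GST, never left on LAN: firewall rules on pfSense
    if (server, client) not in lan:
        return "server"    # forwarded, but no answer: host firewall on the server
    return "ok"


if __name__ == "__main__":
    print(next_hop("172.27.3.50", "172.27.2.36", gateway="172.27.3.1"))  # 172.27.3.1
    print(triage(SAMPLE_CAPTURES, "172.27.3.50", "172.27.2.36"))        # server
```

With the sample data the request is seen on both VLANs but no reply comes back, so the script points at the server's host firewall; an empty GST capture, as in the original question, points at the client.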



  • Thank you for the help. Capturing on GST resulted in nothing. So this was really a client problem, not pfSense.

    I haven't solved all details yet, however at least one client is now working as desired. This one had a problem with the DNS cache. (I accessed the server through a DNS name which is overwritten in my DNS Forwarder.)

    Anyway the routing between the subnets is now proven to work ok in my pfSense.

    The reason I did not capture any traffic in pfSense when accessing with IP address is still a mystery to me but independent from pfSense.