Internal network blocked



  • Hello everyone,

    Working on a new project, on GNS3, and I need some experts to help me...

    0_1532332211170_Screenshot_43.png

    At the moment, my core switch 192.168.1.254 has a specific route 0.0.0.0 0.0.0.0 192.168.1.1
    It can ping the internet

    My PC2 is in vlan 3 -> 192.168.3.5
    It can ping 192.168.1.254
    It cannot ping 192.168.1.1
    So of course it can't reach the internet
    VLAN 3 is configured on CoreSwitch; its gateway is 192.168.3.1

    Same for my PC 1, which is in VLAN 10
    VLAN 10 is configured on CoreSwitch; its gateway is 192.168.10.1

    My proxy FW is a pfSense box, LAN interface -> all rules are set to any. I even added one line:
    0_1532332837031_Screenshot_44.png

    I've been blocked on this for a while now, any help is welcome :(

    Might be the wrong place to post this, but I guess it's a routing issue in fact... If it's in the wrong place, please move it...


  • Netgate

    What is in your routing table at Diagnostics > Routes?



  • 0_1532334699679_Screenshot_45.png


  • Netgate

    How is pfSense supposed to know how to get to those inside networks without routes for them?

    0_1532334998364_pfSense-Layer-3-Switch.png



  • Yeah, you are right. I knew it was something related to this, but as I'm still a noob in networking it was not so obvious for me. Thanks for your help, I'll work on this.

    EDIT: it works, thank you so much for your help ;) Your schema is very helpful!


  • Netgate

    Yes. A gateway for the switch (192.168.1.254) and static routes to that gateway in System > Routing should help get you there, along with the pass from source any on LAN that you already have.



  • Yeah, that's what I did, thanks a lot.

    So now if I want to let my VLANs communicate with each other, I have to follow the same process I guess, but I need to specify a route for each VLAN with its respective GW?

    For example, if I want to let 192.168.10.5 communicate with 192.168.3.5?
    For the moment it's not communicating...

    But I put a route to 192.168.0.0/16 with GW 192.168.1.254
    Should I do that for each VLAN with its own GW?


  • Netgate

    That looks like it would all be handled by your Layer 3 switch. The firewall wouldn't be involved in that traffic at all.



  • Yeah, in fact it's working like a charm. It's communicating; I don't know why it was not before, but it seems OK.

    Thanks again for your explanations and your time :)
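
The routing behaviour discussed in this thread, as an added example that is not part of any post: a longest-prefix-match lookup showing why pfSense's echo replies to the VLAN hosts left via WAN until the 192.168.0.0/16 route through 192.168.1.254 was added, and why VLAN-to-VLAN traffic never reaches the firewall. The /24 masks, the interface names (`vlan1`, `vlan3`, `vlan10`, `LAN`, `WAN`) and the WAN gateway 203.0.113.1 are assumptions made for the example.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match; returns (gateway, interface) or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, gw, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return gw, ifc

# Assumed /24 masks and interface names; 203.0.113.1 is a constructed WAN gateway.
CORE_SWITCH = [
    ("192.168.1.0/24", "connected", "vlan1"),
    ("192.168.3.0/24", "connected", "vlan3"),
    ("192.168.10.0/24", "connected", "vlan10"),
    ("0.0.0.0/0", "192.168.1.1", "vlan1"),      # default route from the first post
]
PFSENSE_BEFORE = [
    ("192.168.1.0/24", "connected", "LAN"),
    ("0.0.0.0/0", "203.0.113.1", "WAN"),
]
# Static route added in System > Routing, pointing at the switch.
PFSENSE_AFTER = PFSENSE_BEFORE + [("192.168.0.0/16", "192.168.1.254", "LAN")]

def ping_works(fw_table, client):
    """True if a ping from client to pfSense's LAN address gets its reply back."""
    # Request: the switch must be able to deliver to 192.168.1.1.
    req = next_hop(CORE_SWITCH, "192.168.1.1")
    # Reply: pfSense must send it back out LAN (directly or via the switch).
    rep = next_hop(fw_table, client)
    return req is not None and rep is not None and rep[1] == "LAN"

def crosses_firewall(dst):
    """True if the switch hands traffic for dst to pfSense instead of routing it."""
    hop = next_hop(CORE_SWITCH, dst)
    return hop is not None and hop[0] == "192.168.1.1"

if __name__ == "__main__":
    for name, table in (("before", PFSENSE_BEFORE), ("after", PFSENSE_AFTER)):
        print(name, "reply to 192.168.3.5 via", next_hop(table, "192.168.3.5"),
              "| ping ok:", ping_works(table, "192.168.3.5"))
    print("192.168.10.5 -> 192.168.3.5 crosses firewall:",
          crosses_firewall("192.168.3.5"))
```

Because the connected 192.168.1.0/24 entry is more specific than 192.168.0.0/16, hosts on the LAN segment itself are still reached directly rather than through the switch.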