Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Internal network blocked

    Routing and Multi WAN
    2
    9
    644
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Disthene
      last edited by Disthene

      Hello everyone,

      Working on a new project, on gns3, and I need some experts to help me....0_1532332211170_Screenshot_43.png

      At the moment, my core switch 192.168.1.254 has a specific route 0.0.0.0 0.0.0.0 192.168.1.1
      He can ping internet

      My PC2 is in vlan 3 -> 192.168.3.5
      He can ping 192.168.1.254
      He cannot ping 192.168.1.1
      Then of course can't reach internet
      VLAN 3 is configured on CoreSwitch his gateway is 192.168.3.1

      Same for my PC 1 which is vlan 10
      VLAN 10 is configured on Coreswitch his gateway is 192.168.10.1

      My proxy FW is a PFSense box,LAN interface -> all rules are set to any. I even added one line :
      0_1532332837031_Screenshot_44.png

      I'm blocking on this for a while now, any help is welcome :(

      Might be the wrong place to post this, but I guess it's a routing issue in fact...If it's in the wrong place please move it...

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        What is in your routing table at Diagnostics > Routes ?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • D
          Disthene
          last edited by

          0_1532334699679_Screenshot_45.png

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            How is pfSense supposed to know how to get to those inside networks without routes for them?

            0_1532334998364_pfSense-Layer-3-Switch.png

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • D
              Disthene
              last edited by Disthene

              Yeah you are right, I knew it was something related to this, but as I'm still a noob in networking it was not so obvious for me. Thanks for your help I'll work on this.

              EDIT: it works, thank you so much for your help ;) your schema is very helpful !

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Yes. A gateway for the switch (192.168.1.254) and static routes to that gateway in System > Routing should help get you there, along with the pass from source any on LAN that you already have.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • D
                  Disthene
                  last edited by

                  Yeah what I did thanks a lot.

                  So now if I want to let my vlan communicate between each other I have to follow the same process I guess but I need to specify a route for each vlan with their respective GW ?

                  For example if I want to let 192.168.10.5 communicate with 192.168.3.5 ?
                  For the moment it's not communicating...

                  But I put a route to 192.168.0.0/16 with GW 192.168.1.254
                  Should I do that for each vlan with their own GW ?

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    That looks like it would all be handled by your Layer 3 switch. The firewall wouldn't be involved in that traffic at all.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • D
                      Disthene
                      last edited by Disthene

                      Yeah, in fact it's working like a charm, it's communicating don't know why it was not before, but it seems ok.

                      Thanks again for your explanatiosn and your time :)

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.