Need some help with PFsense and Edgerouter X routing



  • im trying to learn how to do some local network routing so yes I'm doing this the hard way. I'm running pfdense as my primary router/firewall, dns, dhcp and I'd like to put some vlans into the mix if I can get the basics running like I want. currently I have a switch were I have my LAN but I'd like to turn into a DMZ zone for some servers and what ever. Then I have a Edgerouter X(ERX) that I'd like to put a user LAN on its own VLAN.

    Then problem I'm having is that I can't get the ERX to route correctly, would rather not run NAT because I'd like to learn some firewall rules to control the traffic and I'd like to run this like a large LAN.

    I can get out the internet with pfsense and I can ping the eth0 interface on the ERX but i cant get out from the EDX.

    This is the conf from the EDX:

    interfaces {
    ethernet eth0 {
    address dhcp
    duplex auto
    ip {
    ospf {
    network broadcast
    }
    }
    speed auto
    vif 10 {
    disable
    }
    }
    ethernet eth1 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth2 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth3 {
    description Local
    duplex auto
    speed auto
    }
    ethernet eth4 {
    description Local
    duplex auto
    speed auto
    }
    loopback lo {
    }
    switch switch0 {
    address 192.168.10.34/27
    description Local
    switch-port {
    interface eth1 {
    }
    interface eth2 {
    }
    interface eth3 {
    }
    interface eth4 {
    }
    }
    }
    }
    port-forward {
    auto-firewall enable
    hairpin-nat disable
    wan-interface eth0
    }
    protocols {
    ospf {
    area 0 {
    area-type {
    normal
    }
    network 192.168.10.32/27
    network 192.168.1.0/24
    }
    parameters {
    router-id 192.168.1.2
    }
    passive-interface default
    passive-interface-exclude efh0
    }
    }
    service {
    dhcp-server {
    disabled false
    hostfile-update disable
    shared-network-name LAN {
    authoritative enable
    subnet 192.168.10.32/27 {
    default-router 192.168.10.34
    dns-server 192.168.10.34
    lease 86400
    start 192.168.10.37 {
    stop 192.168.10.62
    }
    }
    }
    }
    dns {
    forwarding {
    cache-size 150
    listen-on switch0
    }
    }
    gui {
    https-port 443
    }
    nat {
    rule 5010 {
    description "masquerade for WAN"
    disable
    log disable
    outbound-interface eth0.1
    protocol all
    type masquerade
    }
    }
    ssh {
    port 22
    protocol-version v2
    }
    }
    system {
    host-name ubnt
    login {
    user ************ {
    authentication {
    encrypted-password ****************
    }
    level admin
    }
    }
    ntp {
    server 0.ubnt.pool.ntp.org {
    }
    server 1.ubnt.pool.ntp.org {
    }
    server 2.ubnt.pool.ntp.org {
    }
    server 3.ubnt.pool.ntp.org {
    }
    }
    syslog {
    global {
    facility all {
    level notice
    }
    facility protocols {
    level debug
    }
    }
    }
    time-zone UTC
    }