Routing between multiple subnets behind a single LAN interface

dlogan

This is not for production, but rather a lab setup to simulate remote locations that have VPNs setup. I'm playing with some servers and want them to be able to communicate in the lab as if they were on site.

Is this possible w/ some kind of static routing? I don't know how to set it up. I tried created Virtual IPs (alias) w/ the default gateway of each location (192.168.0.1/24, 192.168.1.1/24, 10.0.0.1/24).

Under Firewall -> NAT -> Outbound I did manual outbound and copied the default outbound rule for each subnet to the WAN interface.

Under Firewall -> Rules -> LAN I created allow each subnet to ALL rules.

Under System -> Routing I added each virtual IP as a gateway, then in static routes added each subnet to it's respective gateway.

I can't ping the virtual IPs or hosts in other subnets.

I'm sure I've just done something stupid.

viragomann

Routing is only possible between different interfaces.
So you may create VLANs with virtual interfaces on the single LAN and put your devices into the VLANs as you need, then you can route between them.

dlogan

Hrmmm, what about pfSense on a VM? I've never played with that. Could I assign multiple interfaces to one physical NIC on ESX or something?

viragomann

So you mean to add multiple interfaces and connect them to a virtual bridge, which the physical NIC is also connected to?
Maybe that will work as the bridge will spread packets to all connections, but it's dirty.

dlogan

So I just wanted to report back. The original thing I was trying to accomplish on the physical pfSense box actually works. I had accidentally put /32 on my outbound NATs instead of /24. I have 4 subnets all talking to each other and all able to get outbound NAT to WAN behind a single LAN interface using Virtual IPs.

t1e1

@dlogan This scenario looks like what I'm trying to do as well, but I haven't been successful using your steps. Your final step reads:

Under System -> Routing I added each virtual IP as a gateway, then in static routes added each subnet to it's respective gateway.

I click on the + to add a gateway, change the Interface from WAN to LAN (since the new subnets reside on the LAN interface), enter a name, type in the Gateway IP 192.168.50.1, and click Save. The page reloads with the message:

The gateway address 192.168.50.1 does not lie within one of the chosen interface's subnets.

Did I miss a step or perform a step incorrectly? I've only been working with pfSense for about 3 hours, so it's quite possible...

As with your post, I'm trying to set up a small lab network in my home office, replicating the functionality of the following Cisco router configuration, using only the pfSense software, where the interface being configured is the LAN interface of the netgate MBT-2220:

interface GigabitEthernet0/0
 ip address 192.168.50.1 255.255.255.0 secondary
 ip address 192.168.51.1 255.255.255.0 secondary
 ip address 192.168.111.1 255.255.255.0

The equipment in the .50 and .51 subnets doesn't need any DHCP services,and really doesn't even need any WAN connectivity other than NTP, which is optional. They are not VLAN-aware, and all I need from the pfSense box is Layer 3 routing on these additional subnets.

johnpoz

OMG why are you running multiple layer 3 on the same layer 2??

Just setup vlans... You have a LAB and you can not afford a vlan capable switch at 30$ for 8 port gig?? Come on people... If your going to do something don't freaking use bubble gum and sticks..