Routing in 3 local lan
-
hi
What should I use static route to connect the following networks?pfsense config:
lan 1 : 172.21.1.1
wan: adsl modem :192.168.1.1lan2 : 172.21.2.1
lan3 : 172.21.3.1I used to use kerio control before
And I was doing the following
routing > add : microsft static route >>>> 172.16.0.0 mask 255.240.0.0 172.21.1.1How do I add this routine in pf?
-
Why would you think you need to create routes.. If those networks are directly attached to pfsense it knows that.. No need to create any routes..
-
@johnpoz
Each one in a city that is linked by the intranet
-
You want to just route to rfc1918 space over the public internet? Oh you said intranet..
So this is your company network than.. Connected via point to point, mpls ?
So those are via downstream routers off pfsense lan? That is going to lead to asymmetrical traffic flow.. You would connect other networks via transit network... Can you draw up your network please and we can work out the details.
-
@johnpoz
They are connected through the telecommunications lines of these cities. I want to use this server to control traffic and the Internet, but when I launch DHCP, I can not ping other IPs of other companies in other cities.
When I used KerioControl, I used the following method and had no problem
-
Dude please draw up your network.
You list pfsense lan as 172.21.1.1, you can not route to that to get to other networks..
routing > add : microsft static route >>>> 172.16.0.0 mask 255.240.0.0 172.21.1.1
When you create a route you are saying - hey go to this "ROUTER" at this IP to get to network XYZ... What device is at 172.21.1.1?? if that is connected via your lan network you list above
Now it might of worked with whatever you were using before - but I can tell you for sure that if you route to other networks via your lan network. Any traffic between hosts on that lan network and other networks is going to be asymmetrical and a PROBLEM with a stateful firewall.. And besides that just messy and not optimal and also hairpins for no reason at all, etc. etc..
So from that image... Looks like to me you were just handing out a host route to the clients saying hey to get to 172.16/12 - but your default gateway was 172.16.21.10..
But from above you look like you made pfsense ip 172.21.1.1 - Which is the IP address of whatever other router gets to your other networks.
Please draw up your network.. So we can fix this... You do not need to host route when you can just connect a transit network to pfsense... Then you could actually firewall between these other networks and your clients, etc. etc.
-
@johnpoz
Thank you for your guide
I used the following method. My problem was solved. Maybe I did it badly
Advanced DHCP Options
-
yeah that is WRONG way to go about what your doing.. Adding routes on every host is not an optimal solution when you can just do it at the default router with simple config.
And that route makes NO sense.. your routing 172.16.0.0/32 to your default router.. That sure and the hell is not doing anything.
Why can you not break out the crayons and draw your network on a napkin so we can discuss the correct way to do this?
BTW your clients are using a mask of /16... So 172.21.X would all be on the local network.. So no your client would never send anything to default router if it thinks the network is local... Please just draw up your networks and their masks and how they are connected to you so we can FIX the clear mess you have.
-
Good time
I posted an overview of the network to you
This network configuration is up to 172.30.1.0/16
-
172.21.1/16 and 172.21.2/16 are the SAME network.. Do you really have 65,000 some devices
172.21.1/24 and 172.21.2/24 would be different networks.. Are you saying that is 1 flat layer 2 network??
What is telecommunication line??? You have to have some device?? That connects these cities.. How is it your job to set this up??
Is this some sort of school work you have been assigned... Nobody could be this clueless and be responsible for setting this up..
-
@johnpoz
Yes, networks are in different cities with different IPs.
Each city has its own IP.
The communication lines are mpls.
The link between cities is via Cisco devices on the mplsEach city has its own separate internal network that is connected with this suffering with other citys
-
You can not have 2 cites with the SAME networks talk to each other - you would have to NAT between them... It would be a PITA..
Why do you not use different network
172.21.1.0/24 and 172.21.2.0/24 when you use mask of /16 you make it the SAME network.
-
Here is how you would do what your talking about..
Route in pfsense left would be 172.16/12 go to 192.168.0.2
Route in pfsense right would be 172.16/12 go to 192.168.0.6These are transit networks that connect to your mpls network which would route to your different locations. Clients in each location would only talk to pfsense as their gateway.. In the example 172.21.1.254 and 172.21.2.254
These are all different networks that could have 254 devices.. If you have more than that then you could increase the mask to /23 or even /22 - or create different vlans in each location.. As long as your different locations do not use overlapping networks..
