4. pfsense are router ONLY

pfsense are router ONLY

  • A

    setup.jpg
    I have the above setup :)

    Basically trying to make pfsense as router so I disabled packet filter and NAT
    My goal is to route traffic from 192.168.1.14 to 192.168.62.1
    So on R1 I create route for 192.168.62.0 and on pfsense I create GW on 192.168.61.1 interface and then create static route for 192.168.1.0 (all pictures are attached)

    When I do Wireshark on the 192.168.62.1 I can see the traffic coming from 192.168.1.14 , but it dies on the way back as there is no reply on 192.168.1.14 , However I see packet from 192.168.61.254 to 192.168.62.1 (TTL exceeded in transit). so my guess there is a loop somewhere

    wireshark.jpg

    here is my setup on pfsense
    GW-pfsense.png

    static route pfsense.png
    fw-setup.jpg
    no nat.jpg
    route.jpg
    What do I missing here ?
    BTW if I replace pfsense with cisco virtual router or arista it work immediately so the problem is in pfsense configuration
    All lab is esxi 6.5

    0
  • LAYER 8 Global Moderator

    why are you creating a gateway to itself?

    The default route will get it back to 192.168.1

    if you were going to create a static route to 192.168.1 the it would point to 192.168.61.1 - not itself.

    0
  • A

    Not sure I follow you here :)

    default route is on the WAN interface and 192.168.1.0 traffic coming from 192.168.61.254 interface.
    can you please explain what do I need to do here exactly

    Thanks

    0
  • A

    Now I got it :)

    Thanks for the hint
    However if I have 2 routers as failover one 192.168.62.1 and one 192.168.62.2 , how do I setup the route in pfsense so if 192.168.62.1 went down traffic will do to 192.168.62.2 ?

    Thanks

    0
  • LAYER 8 Global Moderator

    It would never be setup that way... If you had 2 routers upstream you would do it via carp or hsrp setup, ie HA and your router would point to the vip of the HA pair.

    If you had 2 different upstream routes to get to the same place then you normally setup some sort of automatic route handling so that the route from r1 would fail when you need to use r2.. Say BGP or EIGRP, etc.

    Or you could do it with say a failover group on pfsense I guess. But this would seem a bit nuts if you control the upstream router pair.

    0
  • A

    hmm , other solutions I can point the route to the interface (which I can't in pfsense) and thenR1 and R2 use GARP to announce themselves if one of them got down.
    I tried that with Cisco for example and it worked , but not sure how to do it in pfsense since I can't use interface as GW insetead of IP
    Thanks

    0
  • LAYER 8 Global Moderator

    I would suggest you read
    https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html

    0
  • A

    Thanks for all your help , I have been there and trying to make it work :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy