Problem Route with LAN?

kor_sal · Sep 2, 2019, 8:23 AM

Dear all,

I've been always a follower to this forum and looking to be an active member here to learn more on pfsense!

I have this problem.

My previous setup was like this:

My setup now:
192.168.1.0...(LAN)--> pfsense (NAT) --->DSL modem---> Internet
172.16.1.0..(LAN2)-->Mikrotik-->pfsense(OPT_Interface)
It's not working, unfortunately and I don't know why!

Pfsense have three interface (WAN,LAN,OPT). LAN1 i use ip address 192.168.1.0/24 by default. OPT i use 10.0.0.0/29. OPT interface (IP:10.0.0.1)that have connect to Mikrotic router. I have route to LAN2 and add rule like allow any and NAT I choose Manual Outbound and add new Mapping

Mikrotic Router have two interface. One interface connect to Pfsense (IP :10.0.0.2) and other interface For LAN2(172.16.1.0/24). I have route to LAN1 by static route and also to NAT.

here it is:
i can't ping the 192.168.1.0/24 from Mikritic.
i can ping 172.16.1.0/24 from Pfsense LAN
i can use internet from 192.168.1.0

can anybody tell me whats going on?
can plz anybody give me a hint, it must be something that I'm not noticing!

KOM · Aug 30, 2019, 4:45 PM

If I understand you correctly, you're asking a pfSense forum how to configure your Mikrotik to be just a switch or bridge?

https://forum.mikrotik.com/

akuma1x · Aug 30, 2019, 4:47 PM

Why don't you NOT double router/firewall your network, and use only 1 of those devices - either pfsense or mikrotik?

Jeff

kor_sal · Sep 1, 2019, 1:42 PM

This post is deleted!

kor_sal · Sep 1, 2019, 1:55 PM

This post is deleted!

johnpoz · Sep 1, 2019, 4:49 PM

Create a gateway in pfsense pointing to your 20.x.x.x/30 IP of your mik router - btw 20 - is public space.. Don't use that as a transit network.. use 10/30 if yoru using 192.168 and 172 address space.. Also 172.168 as also public.. Are those typo's? Did you pull those out your ____ ?

Once you have the gateway setup to your mik, create a route for the networks downstream of your mik.. Your mik is not natting is it?? If so to allow traffic to network behind mik you would have to create port forwards on your mik.

Then create rules on opt to allow the trafic you want.

Still wondering what is the point of this... Just hang that network behind the mik directly on your opt interface of pfsense.

Use of downstream router is normally not something new user to networking would need or want to do.. If you have graduated to the want/need of a downstream router you should have the understanding of routing to implement it.

kor_sal · Sep 2, 2019, 2:50 AM

johnpoz thank for reply.
Now I can ping from LAN(192) from ping to LAN(172)on Mikrotic.
But when I ping from LAN(172)from Mikrotic to LAN(192) cannot reply (destination host unreachable).
How to resolve that problem? Please help.

Thank for reply.

johnpoz · Sep 2, 2019, 2:52 AM

Well you would have to have routes on your mik, I just assumed its default would be towards pfsense 20.x interface

You have fixed these BAD network IPs, or were they just typos?

kor_sal · Sep 2, 2019, 3:10 AM

Yes, IP on LAN (192,172,20) I just assign it for testing . When I success testing i will change those IP to the right standard private network. But I still have that problem. On my Mik router i have static route to (192.168.1.0/24 gateway 20.0.0.0). If you not sure about my problem i will screenshot my route to you.

kor_sal · Sep 2, 2019, 3:24 AM

johnpoz · Sep 2, 2019, 3:49 AM

Well that looks wrong.. how is 192.168 lan reachable?

chpalmer · Sep 2, 2019, 6:28 AM

Dude.. Fix your LAN addresses first!

https://lmgtfy.com/?q=lan+address+ranges

There are reasons..

seanbull · Sep 2, 2019, 7:19 AM

Can you send us a screenshot?

kor_sal · Sep 2, 2019, 7:45 AM

This post is deleted!

kor_sal · Sep 2, 2019, 1:19 PM

After i try to verify one by one. Now i saw a problem and solve it . I assign a wrong get way on router. Really happy and Thank you for all your help.