two pfsense, two LANs

  • so my diagram is

    if PCs from lan2 have default gw 1.2, they got constant disconnects/reconnects from lan1 ctxfarm. (But initial connection passes, i found this very strange)
    Also vnc connections from lan1 to lan2 not working while lan2 PCs have default gw set to 1.2 . icmp is ok though.

    firewall rules on pf 2 LAN allow everything. NAT is ON only for WAN interface.

    what did I forgot to configure?

    ps: i think pf1 config is ok since if replace pf2 with cisco router (already configured, same addresses) everything works fine.

  • LAYER 8 Global Moderator

    That is horrible - why would you do something like that?

    Why do you think you need more than 1 pfs to do that, and if your going to use a downstream router - you don't put anything on the transit (your lan 2 in your drawing)

    For sure your traffic coming back from lan 1 to 2 would be asymmetrical

  • Well, everything is a bit complicated. pf1 and pf2 are administrated by 2 different parties and exsting of pf1 with some firewall rules is mandatory. Also there are other subnets in lan2 with default gw on pf2 LAN virtualips and they work fine. And there are hosts in lan2 which i cannot simply transfer to other subnets(or change their gw). I know that this is not a good setup. But,once again - everything works if i replace pf2 with cisco router. Unfortunately i don't have access its configs...

  • LAYER 8 Global Moderator

    Your pf2 and pf1 need to be connected via a transit... There is a difference between a stateful firewall and "router" That traffic as shown is asymmetrical.. And while a router might not care - a stateful firewall will for sure.

    Just run a vlan over your lan 2 L2 as transit network between pf1 and 2 and your asymmetrical problems go away.

    Or just host route on anything in Lan 2 that needs to talk to everything in Lan 1

  • I'll try that, thanks.

