Routing LAN networks
-
Well, seems I can get no help here. All I asked for was how to set up the firewall rules so I can route traffic between my LAN network (10.0.0.0/24) and my LAN2 network (10.0.1.0/24). I've tried a lot of different settings, in Firewall/Rules, Firewall/NAT/Outbound, in System/Routing, searched the net but it seems a lot of people have issues with this. And no one can give a clear answer. No guides anywhere, only guesses that lead nowhere.
I might have to find a proper hardware router to do this properly as it seems no one can give me a simple explanation on how to set it up properly.
-
@mrpijey said in Routing LAN networks:
I've tried a lot of different settings, in Firewall/Rules, Firewall/NAT/Outbound, in System/Routing, searched the net but it seems a lot of people have issues with this. And no one can give a clear answer. No guides anywhere, only guesses that lead nowhere.
What are you even talking about? You asked about where to set up firewall rules. There is only one place. Firewall rules. Period. That is working on almost any hardware setup and in many virtual ones without a single problem. I don't know where you get the
but it seems a lot of people have issues with this. And no one can give a clear answer. No guides anywhere, only guesses that lead nowhere.
I've read many posts and seldom see one that has a problem with the simple basic question as to where and how to set up rules from one LAN to another (and vice versa). They are set up on the interface that the packet comes in on first. Easy as that. If they don't work or your routing doesn't work then you have problems lying deeper than asking simple questions. That's why I see people here asking questions about you running virtualization and which one, how you have configured this and that. But sure, if you ignore them, don't have the patience or will to debug your problem seriously and only want to see that "no one is helping you" - then perhaps some easy hardware one-click solution might be the right thing for you.
I can only wish you more luck then.
-
Sorry I missed your reply, there are hundreds of posts.. I can not get to all of them :)
But from your posting you have nothing set up other than access ports - you're not allowing any tagging in your hyper-v. Would have to read through the thread again to figure out what you're trying to do exactly.
But this is pfsense forum, not hyper-v.. If you want to understand how to do vlans in hyper-v I would suggest you ask on their forums.. You might get lucky and get someone willing to help..
I already linked to a thread where I went into great detail how to do vlans on hyper-v, which is actually a VM software that I pretty much loathe ;) It's a joke compared to esxi for example.. ;)
But it has nothing to do with pfsense - do you provide the tags to pfsense or not is the big question.. If you want pfsense to use tags, then they have to be seen by pfsense, if not - then it's just native traffic.. And you wouldn't set up vlans in pfsense if there are no tags for it to use. So just comes down to firewall rules on the native interface if there are no vlans set up in pfsense.. If you set up vlans in pfsense and there are no tags on the traffic then that vlan interface in pfsense would not see that traffic to do anything with no matter what your rules are.
-
@JeGr said in Routing LAN networks:
@mrpijey said in Routing LAN networks:
I've tried a lot of different settings, in Firewall/Rules, Firewall/NAT/Outbound, in System/Routing, searched the net but it seems a lot of people have issues with this. And no one can give a clear answer. No guides anywhere, only guesses that lead nowhere.
What are you even talking about? You asked about where to set up firewall rules. There is only one place. Firewall rules. Period. That is working on almost any hardware setup and in many virtual ones without a single problem. I don't know where you get the
but it seems a lot of people have issues with this. And no one can give a clear answer. No guides anywhere, only guesses that lead nowhere.
I've read many posts and seldom see one that has a problem with the simple basic question as to where and how to set up rules from one LAN to another (and vice versa). They are set up on the interface that the packet comes in on first. Easy as that. If they don't work or your routing doesn't work then you have problems lying deeper than asking simple questions. That's why I see people here asking questions about you running virtualization and which one, how you have configured this and that. But sure, if you ignore them, don't have the patience or will to debug your problem seriously and only want to see that "no one is helping you" - then perhaps some easy hardware one-click solution might be the right thing for you.
I can only wish you more luck then.
Well that's the problem, I've asked how to set it up. All I've got so far are discussions about VLAN tagging and principles behind the routing, not an actual example.
I want to route traffic from 10.0.0.0/24 to 10.0.1.0/24 and allow traffic to flow between the two. How is that set up? How are the rules set up for this?
This is what I need to know.
Ignore all the VLANs and all that, I can set it up without using VLANs through a physical NIC and separate switch (and yes, I know how to set up VLAN tagging in Hyper-V as I've provided a screenshot displaying the ports being tagged, and I can ping the machines between pfSense and the clients within the same network partition, so tagging works. But ignore the tagging, atm I am doing it all untagged, no VLANs, both networks tied to physical NICs and clients connected to separate switches).
I did indeed set up VLAN tagging on the virtual machines as well as the virtual switch during testing, but for now ignore all of that. Both pfSense ports are tied to physical NICs, and the test clients are connected to two individual switches on each NIC. And I want one client on one switch to see and talk to the other client on the other switch. Each client can ping its own pfSense interface it's connected to, but not the other.
As suggested by awebster I did set up an ANY rule on each of the interfaces (the default LAN one had one already, added one to the other LAN2 one) but it did nothing to allow pinging or traffic to another client.
-
Post your rules dude.. If you're saying each client can ping pfsense gateway... There is NOTHING to do for routing.. Unless you're forcing clients through a vpn service or whatever via some policy route
Post the rules on your interfaces..
Like any router, it will automatically know how to route traffic between interfaces it's attached to.. So you have to allow whatever traffic you want via firewall rules.. That is it.. And you have to take into account any host firewalls.
As to this
I did indeed set up VLAN tagging on the virtual machines as well as the virtual switch during testing
That is wrong - if you set up vlans in the vswitching of your VM Host it strips the tags presented to the client... So I will say it again understanding how YOUR software of choice handles tags is on you - has zero to do with pfsense.. Zero!!
-
@mrpijey said in Routing LAN networks:
This is what I need to know.
Allow ipv4 * * * * *
That being said and because you brought up my earlier post, I want to point out that pfSense works as advertised, and while it is unfortunate that you are having difficulties making it work, I feel that it is inappropriate to vent your frustration that you aren't getting support for an unrelated product. You may argue that a hypervisor is related to pfSense, and indirectly it is, but you can't expect people knowledgeable in product X to help you with product Y beyond the most basic support.
So,
- Show us your network diagram. That will generally help people on this forum better understand how it's all hooked up. You don't need to be a graphic artist, you can draw it by hand and take a photo.
- What other devices are on the network that can be contributing to the problem?
- Is your WLAN really an access point, or in fact a wireless router?
- How does the traffic flow at the layer 2 level? Keep in mind pfSense is layer 2 aware. If there are asymmetric traffic flows they will be blocked.
-
@awebster This is the kind of pointless answer that is the source of my frustration. pfSense is primarily managed through its web interface, so I would expect an answer that told me where in this user interface I would need to configure my settings (a screenshot etc). I already know the principles of routing, and I never had any issues with commercial firewalls and routers, but for some reason pfSense refuses to cooperate. And how is this getting support for an unrelated product? Isn't pfSense made by Netgate? Mind you, I didn't ask for help with Hyper-V or VLAN tagging, I only answered @johnpoz's question about Hyper-V VLAN tags. But I only asked and expected answers, only regarding the routing firewall rules in pfSense. I did mention the whole setup so you would better understand my configuration, but I've also mentioned last that I removed all that to avoid all potential sources of problems, tied pfSense to physical NICs and connected physical clients, all for testing. I will deal with VLAN tagging and all that later.
Your answer was no help to me as I already understand the principle of "allow all traffic". But since I failed to get it to work I asked for some clear examples, yet all I get are vague answers that are no help to anyone without intricate knowledge of the UI. I have no doubt pfSense can do what I want, but I needed to know how to set it up. Visually. You know, a screenshot? Something to help me relate to the UI of pfSense.
But no matter, I asked the same question in a different forum and immediately got an answer with a screenshot of how it was supposed to be set up and where, and it worked once I adjusted the settings for my network setup.
To @johnpoz and the others, thanks for the assistance. I understand there are a lot of posts and a lot of members asking for stuff, I was just getting frustrated that this topic went on for so long without a single clear answer of how to set up pfSense to allow traffic between networks.
Thank you for an excellent product, been using pfSense since I switched from Smoothwall some 10 years ago, but until now I never needed to do any manual routing or anything like that. And it's been rock solid.
-
@mrpijey said in Routing LAN networks:
where in this user interface I would need to configure my settings (a screenshot etc). I already know the principles of routing, and I never had any issues with commercial firewalls and routers
(my emphasis) but WOW! ...truly astonishing!
You asked for help and the forum helped but you balked, but if what you really wanted was a YouTube video showing you how to set it up, then all you had to do was search for pfSense in YouTube; there are hundreds!
First hit: https://www.youtube.com/watch?v=9kSZ1oM-4ZM no affiliation and the dude looks pretty competent.
See also: http://xyproblem.info/
-
@awebster I did not ask for a YouTube video, I asked for some professional help in the public forum of the company that made the product.
I did however not ask for your unprofessional attitude. Please do not reply to my threads anymore.
My issue has been resolved.
Thank you.
-
@mrpijey said in Routing LAN networks:
went on for so long without a single clear answer of how to set up pfSense to allow traffic between networks.
As already stated there is NOTHING to do for routing.. NOTHING!!!! I mean ANY router that has directly attached interfaces will know how to route between them.. PERIOD!! The only time you would have to add routing info would be if you have specific upstream networks that need to go somewhere different than your default router, or you have downstream networks via a transit network.
You're also running a firewall - so yes you will have to create a firewall rule to allow the traffic. Pfsense only puts a default any any rule on your lan, any other interfaces you create will have zero rules out of the box.
Your thread turned into asking about vlans and hyper-v.
You were told less than 30 minutes after your post that you would have to create firewall rules to allow traffic between interfaces.
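
The point made repeatedly in this thread (rules are evaluated on the interface where the packet first enters, LAN ships with an allow-any rule, and any other interface starts with none) can be checked with a small model. This is an added example, not part of the original thread and not pfSense code; the rule tuples, function names and host addresses are constructed for illustration, and it models only the first packet of a new connection.

```python
import ipaddress

# Constructed model of the thread's setup: two directly attached networks.
INTERFACES = {
    "LAN": ipaddress.ip_network("10.0.0.0/24"),
    "LAN2": ipaddress.ip_network("10.0.1.0/24"),
}

# Rules live on the interface where a packet first enters the firewall.
# Out of the box only LAN carries an allow-any rule; LAN2 starts empty.
DEFAULT_RULES = {
    "LAN": [("pass", "any", "any")],
    "LAN2": [],
}


def ingress_interface(src):
    """Return the interface whose attached network contains src, else None."""
    addr = ipaddress.ip_address(src)
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None


def _matches(spec, ip):
    """True if ip falls inside the rule's address spec ('any' or a CIDR)."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def evaluate(rules, src, dst):
    """First matching rule on the ingress interface wins; no match means block."""
    iface = ingress_interface(src)
    if iface is None:
        return (None, "block")
    for action, rule_src, rule_dst in rules.get(iface, []):
        if _matches(rule_src, src) and _matches(rule_dst, dst):
            return (iface, action)
    return (iface, "block")  # implicit default deny on an empty or unmatched tab


if __name__ == "__main__":
    # LAN host opening a connection to LAN2: governed by the LAN rules.
    print(evaluate(DEFAULT_RULES, "10.0.0.10", "10.0.1.20"))
    # LAN2 host opening a connection to LAN: governed by the (empty) LAN2 rules.
    print(evaluate(DEFAULT_RULES, "10.0.1.20", "10.0.0.10"))
    # After adding a pass rule on LAN2 for its own subnet.
    fixed = dict(DEFAULT_RULES, LAN2=[("pass", "10.0.1.0/24", "any")])
    print(evaluate(fixed, "10.0.1.20", "10.0.0.10"))
```

The model covers only the firewall's own decision; a host firewall on the destination client can still drop the traffic, as noted earlier in the thread.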