Netgate Discussion Forum

    New to PFsense and I need help with my network setup

    Routing and Multi WAN
    • dhayes

      My network consists of 4 sites: site1 - 192.168.1.0, site2 - 192.168.2.0, site3 - 192.168.3.0, site4 - 192.168.4.0. The pfSense box is housed at site1 and is bound locally on the LAN side as 192.168.1.1 and on the WAN side to the internet at 216.x.x.x. All other sites are connected via MPLS routers and connect at the site1 router @ 192.168.1.3 to the pfSense box, which provides internet access to the whole agency. My problem is the pfSense box is not allowing the other sites internet access and I know it's a pfSense configuration issue. I've set up rules for each site, static routes and NAT, but site2 thru site4 cannot surf the internet. They can get to the local servers housed at site1 and I can ping the other sites' gateways. Please help me with any suggestions or pfSense configuration ideas.
      Please excuse this if it's a basic routing question; I'm a neophyte to this routing arena of IT. :)

      • dotdash

        It would help to know what the devices are using for a default gateway at the various sites, and how the routing is set up on those devices. Have you tried pinging hosts at the various sites from the pfSense box itself? That might shed some light. I would suggest posting a network diagram to get more useful responses.

        • dhayes

          Here is a quick drawing. I hope this helps. I also want to add that I replaced a Linksys router with the pfSense box, thinking this will give me better firewall capabilities and better VPN and router flexibility. The Ascend routers were placed by our telecommunication vendor as part of our MPLS setup. Yes, I can ping from the pfSense box to all routers.

          ![network setup.jpg](/public/imported_attachments/1/network setup.jpg)

          • jahonix

            How does 192.168.3.1 connect to 192.168.1.3 subnet wise?

            As mentioned before, give your netmasks and the routing entries in the routers.
            What's the netmask of 192.168.1.1, for example: 255.255.255.0 ( = /24) or 255.255.0.0 ( = /16) or something in between???

            • dhayes

              Subnet mask is 255.255.255.0 ( /24) for all sites.

              • dotdash

                Information on the routers' configuration is key. If we assume the remote routers have a route of last resort pointing to the central site router, the central router needs to know the Internet is off the pfSense box. I would test ping connectivity from the firewall and the routers and see what that shows.

                • dhayes

                  I will contact the vendor who installed the Ascend routers and relay the info when I receive it. I would assume the last resort pointing is to the central site because the pfSense box is replacing the Linksys router that was there and functioning with this same setup and network configurator. I tried to mimic the same setup of the Linksys with the static routing on the pfSense box.

                  • dhayes

                    I've spoken with my vendor and he confirmed that the remote routers' last resort pointing is to 192.168.1.1, which is the pfSense box LAN card. I hope this helps with clarification of the configuration.

                    • jahonix

                      Your pfSense is 192.168.1.1/24
                      An IP packet arrives on its LAN port from site1 192.168.3.x/24 (some host there). It is out of pfSense's LAN range and you cannot generate rules to let it pass to WAN unless you set up multiple subnets on LAN. Which I wouldn't do.
                      So how do you want to pass packets from somewhere other than 192.168.1.1-192.168.1.255 through your LAN port?

                      I'm not the routing expert and am inexperienced with MPLS. If someone wants to add knowledge I'd appreciate it!

                      • dotdash

                        This should be fine if:

                        1. You have NAT rules for the additional subnets, or just change the mask from /24 to /16 (yeah, you could use a /22)
                        2. The rules on the LAN are similarly modified to include the other subnets.
                        3. The static routes are correctly configured on the pfSense box.

                        I've said before, DO SOME PING TESTS from various devices: the firewall, the routers, hosts on the various subnets.
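An added example, not part of the post above or of anyone's actual pfSense configuration: a small Python check of the three conditions (NAT source, LAN rule source, static route) against the four site subnets from the thread. It assumes the /16 and /22 masks are applied as the source network of the NAT and LAN rules; all names (`SITES`, `audit`, `covering_supernet`, and so on) are hypothetical.

```python
import ipaddress as ip

# Constructed from the thread: four /24 sites, pfSense LAN 192.168.1.1/24,
# site1 MPLS router at 192.168.1.3. Nothing is read from a real config.
SITES = {f"site{i}": ip.ip_network(f"192.168.{i}.0/24") for i in range(1, 5)}
LAN = ip.ip_interface("192.168.1.1/24")
MPLS_GW = ip.ip_address("192.168.1.3")

def covered(net, sources):
    """True if some configured source network contains the site subnet."""
    return any(net.subnet_of(s) for s in sources)

def missing_for(net, nat_sources, rule_sources, routes):
    """Return which of the three conditions a site subnet fails."""
    missing = []
    if not covered(net, nat_sources):
        missing.append("nat")
    if not covered(net, rule_sources):
        missing.append("lan_rule")
    # Directly attached subnets need no route; remote ones need a static
    # route whose gateway sits on the LAN segment.
    if not net.subnet_of(LAN.network):
        if not any(net.subnet_of(dst) and gw in LAN.network
                   for dst, gw in routes.items()):
            missing.append("static_route")
    return missing

def audit(nat_sources, rule_sources, routes):
    return {name: missing_for(net, nat_sources, rule_sources, routes)
            for name, net in SITES.items()}

def covering_supernet(nets):
    """Smallest single prefix containing every network in nets."""
    nets = list(nets)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

ROUTES = {net: MPLS_GW for name, net in SITES.items() if name != "site1"}
LAN_ONLY = [LAN.network]
SLASH_22 = [ip.ip_network("192.168.1.0/22", strict=False)]  # 192.168.0.0/22
SLASH_16 = [ip.ip_network("192.168.0.0/16")]

if __name__ == "__main__":
    for label, src in (("/24", LAN_ONLY), ("/22", SLASH_22),
                       ("/16", SLASH_16), ("per-site", list(SITES.values()))):
        print(label, audit(src, src, ROUTES))
    print("smallest covering prefix:", covering_supernet(SITES.values()))
```

With these addresses a /22 source normalises to 192.168.0.0/22 and leaves 192.168.4.0/24 uncovered; the smallest single prefix that holds all four sites is 192.168.0.0/21. Listing the four /24 networks individually passes the same checks while keeping the rule source no wider than the sites that exist.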
                        • jahonix

                          @dotdash:

                          This should be fine if:

                          Yes, if.
                          dhayes was asked about this information a couple of times but is holding back.
                          With the information given I assume it is not working (I think dhayes didn't even mention the term 'NAT', why should I assume it's configured???)

                          Anyway, thanks for your feedback.

                          • wtsexton

                            dhayes, per our conversation on the phone I set up a network which is close to yours.

                            Adding the static routes and allowing the networks under the LAN firewall section was all that was required to get it working.
                            Included here is a copy of the configuration and diagram of my test network.

                            Information in the diagram and configuration was altered for security reasons.

                            testsetup.png
                            runningconfig.txt

                            • dhayes

                              Thank you wtsexton
                              This seems to work and all is well. The reconfiguring of the rules did the trick. Dotdash and Jahonix, your assistance and responses were appreciated and helped tremendously.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.