Subnets can't communicate



  • How do I get hosts on both my subnets to communicate? So far only the pfSense boxes can ping each other's adapters, but hosts are still unreachable. Is there something wrong with my setup?



  • Why did you set a static route on pfSense2 for 192.168.1.0/24 while this subnet is on its WAN? This is not needed.

    Instead of the static route on pfSense1, you will need a static route on each device in 192.168.1.0/24 with that setup.
    It's better to connect the two routers with a separate transit network.

    Also ensure that you have unchecked "Block private networks" in the WAN interface settings on pfSense2.



  • @viragomann said in Subnets can't communicate:

    Why did you set a static route on pfSense2 for 192.168.1.0/24 while this subnet is on its WAN? This is not needed.

    Instead of the static route on pfSense1, you will need a static route on each device in 192.168.1.0/24 with that setup.
    It's better to connect the two routers with a separate transit network.

    Also ensure that you have unchecked "Block private networks" in the WAN interface settings on pfSense2.

    Ok, so I should have 3 subnets total? Making the connection between both pfSense boxes its own subnet?
    I will try that and see if it works, thank you!



  • @WisceBIat said in Subnets can't communicate:

    Making the connection between both pfSense boxes its own subnet?

    Correct.
    In your setup the devices in 192.168.1.0/24 will send packets destined to 192.168.2.0/24 to pfSense1 if they don't have a route for that subnet, since it is the default gateway.
    With the static route on pfSense1 it may direct the packets towards pfSense2 though, but responses won't pass pfSense1 again and you will end up in an asymmetric routing issue.



  • Had a bit of time to try this out tonight, but realized I don't know how to create a new subnet in pfSense!



  • @WisceBIat
    You may use the existing physical interfaces and assign VLANs to it.
    Go to Interfaces > Assignments > VLANs and add a VLAN ID to the interface which is connected to the other. Then go to Interface Assignments, select the VLAN you've added before at Available network ports, hit Add, open and enable it and set an IP and subnet mask in an unused network range.
    Do the same on the other box, but set another IP out of the new subnet.

    Then edit your static routes on both boxes to point to the new IPs.



  • Personally, I'd add a 2nd NIC to each box, then create a transit network between the two LAN interfaces and adjust your static routes accordingly.


  • LAYER 8 Global Moderator

    ^ exactly... if you're going to do downstream router there needs to be a transit network.. NO HOSTS.. If you're going to leverage a network with hosts on it, then you would need to be natting at the downstream router. Or you would need to put routes on every host in this network you're using as transit. Or you will have asymmetrical routing issues.
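
The asymmetric path discussed in this thread, modelled as an added example (not posted by any participant): it traces which routers a packet crosses in each direction and reports any router that sees only one direction of the flow. The host and router addresses, the 10.0.0.0/30 transit range and the names hostA/hostB are assumptions; only the two /24 subnets come from the thread.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns next-hop node name, or None when on-link."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if ip in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def routers_on_path(nodes, src, dst):
    """Routers a packet crosses going from node `src` to IP address `dst`."""
    path, cur = [], src
    while dst not in nodes[cur]["ips"] and len(path) < 16:  # 16 = loop guard
        hop = lookup(nodes[cur]["routes"], dst)
        if hop is None:      # on-link: delivered at layer 2, no further router
            break
        path.append(hop)
        cur = hop
    return path

def one_way_routers(nodes, a, a_ip, b, b_ip):
    """Routers that see only one direction of the a<->b flow (state tracking breaks)."""
    return sorted(set(routers_on_path(nodes, a, b_ip)) ^ set(routers_on_path(nodes, b, a_ip)))

def host(ip, net, gw):
    return {"ips": [ip], "routes": {net: None, "0.0.0.0/0": gw}}

# Constructed addresses (assumptions); only the two /24 subnets are from the thread.
HOSTS = {"hostA": host("192.168.1.10", "192.168.1.0/24", "pfSense1"),
         "hostB": host("192.168.2.10", "192.168.2.0/24", "pfSense2")}
# Original layout: pfSense2's WAN sits in 192.168.1.0/24 next to the hosts.
SHARED = {**HOSTS,
    "pfSense1": {"ips": ["192.168.1.1"],
                 "routes": {"192.168.1.0/24": None, "192.168.2.0/24": "pfSense2"}},
    "pfSense2": {"ips": ["192.168.1.2", "192.168.2.1"],
                 "routes": {"192.168.1.0/24": None, "192.168.2.0/24": None}}}
# Suggested layout: routers joined by a host-free transit network.
TRANSIT = {**HOSTS,
    "pfSense1": {"ips": ["192.168.1.1", "10.0.0.1"],
                 "routes": {"192.168.1.0/24": None, "10.0.0.0/30": None,
                            "192.168.2.0/24": "pfSense2"}},
    "pfSense2": {"ips": ["10.0.0.2", "192.168.2.1"],
                 "routes": {"10.0.0.0/30": None, "192.168.2.0/24": None,
                            "192.168.1.0/24": "pfSense1"}}}

if __name__ == "__main__":
    for name, topo in (("shared", SHARED), ("transit", TRANSIT)):
        print(name, one_way_routers(topo, "hostA", "192.168.1.10", "hostB", "192.168.2.10"))
```

In the shared layout the reply from hostB is delivered on-link by pfSense2 and never crosses pfSense1; with the transit network both directions cross both routers.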

