LAN 2 LAN with multiple GW on each LAN


  • Hi,
    I try to make a link between 2 LANs (on pfSense), but LAN1 has another GW than pfSense by default.
    A host on LAN1 configured with pfSense as GW is reachable.
    Other hosts configured by default with Router1 as GW are not reachable from LAN2 through pfSense.

    [attached screenshot: 2020-08-28_14-50.png]

    I just have rules to open * to * bidirectionally on LAN1 & LAN2.

    Does anyone have an idea? Any masquerade option?

    Thanks all

  • LAYER 8 Rebel Alliance

    Your routing is asymmetric.
    Why not add pfSense as gateway on host 1?

    -Rico


  • Hi
    Sure.
    But on LAN1, I have a full network with lots of users, hosts, devices... So I can't just replace router1 simply.

    My idea was to create a second, interconnected network, and move hosts and users step by step.

    I just must be able to address any host from all of LAN2... After some tries, I can make it work by changing the GW on hosts.

    I don't understand why a request from pfSense to a host can't return to the source, but tries to use the default GW instead.

    If it's not possible I'll try another way...

    Thanks

  • LAYER 8 Rebel Alliance

    What OS is host 1? Windows, Linux, ...?
    You could just add a static route on host 1.

    -Rico


  • Oh,
    And the idea is not to route all traffic of LAN1 to pfSense now...

    I have lots of devices on this LAN. Some Linux, some Windows, and lots of wifi, cameras, NAS, printers...

  • LAYER 8 Rebel Alliance

    Well, so add a static route for that 192.168.1.0/24 network with the gateway set to 10.72.1.62.

    -Rico


  • I tried it...
    I've added a static route on router1 (Stormshield SN300), to route traffic to 192.168.1.0/25 to pfSense.
    So I have access to the router1 interface from LAN2, but not to other hosts on LAN1.
    Maybe a rule is blocking.
    I've tried to add rules to open traffic to pfSense (to IP and LAN2), but without result.

    Thanks for your help!
    I have to quit for today but I keep thinking of this.

  • LAYER 8 Rebel Alliance

    /25 is the wrong mask.

    -Rico


  • @Rico
    Sorry, just an error writing the message. My rule was /24.

    New test: From the pfSense host I can ping / curl any host on LAN1.
    Hosts on LAN1 with default GW set to pfSense work from all LANs.

    router1 with a static route to 192.168.1.0/24 => gw:pfSense. I can access the admin interface of router1 from LAN2 (without this rule, it's not working).

    I've created a rule on router1 to accept all traffic to the LAN2 net (192.168.1.0/24), but no result...
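As an added illustration of the asymmetric routing Rico points out (not code from the thread or from pfSense), this routing-table simulation traces the forward and return paths for the three states discussed: the default setup, the static route added on router1, and the static route added on host 1. Only LAN2 (192.168.1.0/24) and the pfSense LAN1 address 10.72.1.62 come from the thread; the LAN1 prefix 10.72.1.0/24, the host, router1 and pfSense LAN2 addresses, and the upstream hop 203.0.113.1 are assumed.

```python
import ipaddress
from copy import deepcopy

# Constructed topology. Only 192.168.1.0/24 (LAN2) and the pfSense LAN1 address
# 10.72.1.62 are from the thread; every other address below is an assumption.
DEVICES = {  # interface address -> device that owns it
    "10.72.1.50": "host1", "10.72.1.1": "router1", "10.72.1.62": "pfsense",
    "192.168.1.1": "pfsense", "192.168.1.20": "host2",
}
BASE_TABLES = {  # device -> [(prefix, next hop)]; next hop None = directly connected
    "host1":   [("10.72.1.0/24", None), ("0.0.0.0/0", "10.72.1.1")],
    "host2":   [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
    "pfsense": [("10.72.1.0/24", None), ("192.168.1.0/24", None), ("0.0.0.0/0", "10.72.1.1")],
    "router1": [("10.72.1.0/24", None), ("0.0.0.0/0", "203.0.113.1")],  # upstream not modelled
}

def lookup(table, dst):
    """Longest-prefix match, the way a host or router kernel picks a next hop."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table]
    matches = [(n, nh) for n, nh in matches if dst in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, src, dst):
    """Hop-by-hop path a packet takes from device `src` to address `dst`."""
    path, node = [src], src
    for _ in range(8):  # bounded so a misconfigured table cannot loop forever
        nh = lookup(tables[node], dst)
        if nh is None:                       # dst is on a connected network
            return path + [DEVICES.get(dst, dst)]
        node = DEVICES.get(nh, nh)
        path.append(node)
        if node not in tables:               # packet left the modelled network
            return path
    return path + ["loop"]

def with_route(tables, device, prefix, next_hop):
    """Copy of the tables with one static route added on `device`."""
    t = deepcopy(tables)
    t[device].insert(0, (prefix, next_hop))
    return t

def symmetric(tables, a, a_ip, b, b_ip):
    """True when the return path is exactly the forward path reversed."""
    return trace(tables, a, b_ip) == list(reversed(trace(tables, b, a_ip)))

if __name__ == "__main__":
    on_router1 = with_route(BASE_TABLES, "router1", "192.168.1.0/24", "10.72.1.62")
    on_host1 = with_route(BASE_TABLES, "host1", "192.168.1.0/24", "10.72.1.62")
    for label, t in (("default", BASE_TABLES), ("route on router1", on_router1), ("route on host1", on_host1)):
        print(label, trace(t, "host2", "10.72.1.50"), trace(t, "host1", "192.168.1.20"),
              "symmetric" if symmetric(t, "host2", "192.168.1.20", "host1", "10.72.1.50") else "ASYMMETRIC")
```

Only the route on host 1 makes host1's replies leave through pfSense; with the route on router1, replies still hit router1 first, so a stateful firewall on router1 or pfSense sees only one direction of each flow.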