Netgate Discussion Forum

    Green network (Mgmt) cannot talk out to Internet

      dgardner

      I have been running pfSense for a number of years. I am totally stuck on this one. Please bear with me, as it probably illustrates my lack of knowledge, but after reading and working I'm still stuck.

      Problem Summary: Green network cannot talk out to Internet

      Environment:
      pfSense 2.4.4-RELEASE-p3
      (Red) WAN x.x.x.85 - GW Opt3 - x.x.x.81
      (Orange) LAN1 y.x.x.226
      (Green) Mgmt 192.168.6.7 - GW Opt1 - 192.168.6.254

      Detailed Description: I have 12+ servers on my pfSense firewall. I have a range of public IP addresses. To date, each server has an Orange interface and a Green interface. Each Orange interface has one or more public IPs assigned to it (i.e. y.x.x.x) and a Green interface (i.e. 192.168.6.x). Each goes to its own respective switch and ties to pfSense. So everything has had a 1:1 tie to a public IP address.

      There are some servers that do not need a public IP - they interact only on the Green network between servers. However, they do need to talk out to the Internet for REST API calls, etc. I would like to drop the Orange (public) IP for these servers and just have them on the Green. But Green does not talk out to the Internet.

      Under Firewall...NAT...Outbound I selected "Hybrid Outbound NAT" and I've added one additional Mapping for "192.168.6.0/24" for Any.

      On a server (Linux) I do:
      route del default
      route add default gw 192.168.6.254 enp129s0f1

      Then, if I do a route command, it hangs for an extended period and gives me the following:

      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         gateway         0.0.0.0         UG    0      0        0 enp129s0f1
      link-local      0.0.0.0         255.255.0.0     U     1009   0        0 enp129s0f1
      192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 enp129s0f1

      I cannot ping 192.168.6.254 or x.x.x.85

      So I did the following:

      route del default
      route add default gw 192.168.6.7 enp129s0f1

      The route command still hangs for a while and displays the same as before.

      I can ping 192.168.6.7 and x.x.x.85.
      I cannot ping 8.8.8.8 or any other outside IP address.

      Any help in getting this to work would be greatly appreciated.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.