1. Home
  2. pfSense® Software
  3. NAT
  4. Green network (Mgmt) cannot talk out to Internet

Green network (Mgmt) cannot talk out to Internet

  • D

    I have been running pfSense for a number of years. I am totally stuck on this one. Please bear with me as it probably illustrates my lack of knowledge but after reading and working I'm still stuck.

    Problem Summary: Green network cannot talk out to Internet

    Environment:
    pfSense 2.4.4-RELEASE-p3
    (Red) WAN x.x.x.85 - GW Opt3 - x.x.x.81
    (Orange) LAN1 y.x.x.226
    (Green) Mgmt 192.168.6.7 - GW Opt1 - 192.168.6.254

    Detailed Description: I have 12+ servers on my pfSense firewall. I have a range of public IP addresses. To date, each server has an Orange interface and a green Interface. Each Orange interface has one or more public IP's assigned to it (ie y.x.x.x) and a Green interface (ie 192.168.6.x). Each go to their own respective switches and tie to pfSense. So everything has had a 1:1 tie to a public IP address.

    There are some servers that do not need a public IP - they interact only on the Green network between servers. However, they do need to talk out to the Internet for REST API calls, etc. I would like to drop the Orange (public) IP for these servers and just have them on the Green. But Green does not talk out to the Internet.

    Under Firewall...NAT...Outbound I selected "Hybrid Outbound NAT" and I've added one additional Mapping for "192.168.6.0/24" for Any.

    On a server (Linux) I do:
    route del default
    route add default gw 192.168.6.254 enp129s0f1

    then if I do a route command it hangs for an extended period and gives me the following:

    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    default gateway 0.0.0.0 UG 0 0 0 enp129s0f1
    link-local 0.0.0.0 255.255.0.0 U 1009 0 0 enp129s0f1
    192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 enp129s0f1

    I cannot ping 192.168.6.254 or x.x.x.85

    So I did the following:

    route del default
    route add default gw 192.168.6.7 enp129s0f1

    The route command still hangs for a while and displays the same as before.

    I can ping 192.168.6.7 and x.x.x.85
    I can not ping 8.8.8.8 or any other outside IP address

    Any help in getting this to work would be greatly appreciated.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy