Trouble with two internal LANS and routing between


  • Hello all,

    Bear with me, I'm new to the Netgate interface. I have an NG7100 that we are going to be implementing to replace a very old firewall. I am currently having an issue attempting to route between two segregated LANs in our deployment.

    WAN: Public IP coming from a core router
    LAN1: 192.168.3.0/21
    LAN2: 172.16.1.0/24

    Current setup:
    ETH2 IP 192.168.3.1 (gateway for LAN traffic on 3.0/21)
    ETH2 VIP Alias 172.16.1.253 (172.16.1.1 GW lives on another router)
    Created a gateway in "routing" for 172.16.1.253
    Created rules in the firewall for 172.16.1.0/24 > 192.168.3.0/21 AND 192.168.3.0/21 > 172.16.1.0/24.

    This set of rules does not allow a client on 192.168.3.0 to ping 172.16.1.1.

    I then tried to create a static route for 172.16.1.0/24 to the 172.16.1.253 gateway. Pings then return an expired TTL value, meaning I have inadvertently created a loop somewhere in my routing.

    Can someone please explain to me what I've botched here? I understand this is probably more of a routing question than a Netgate question, but how do you learn if you don't ask, right?
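
A small routing-configuration lint, written for this thread as an added example (not code from the poster or from Netgate), that models the setup above: both LANs on ETH2, 172.16.1.253 as a VIP alias, and the later static route for 172.16.1.0/24 via 172.16.1.253. It flags the self-referential route and the shared interface, and shows that a constructed alternative with LAN2 on its own interface (name `ETH3` is assumed) produces no findings.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    name: str
    addrs: list  # CIDR strings; the first is the primary address, the rest VIP aliases


@dataclass
class StaticRoute:
    prefix: str   # destination network in CIDR form
    gateway: str  # next-hop address


def lint_routing(interfaces, routes):
    """Return human-readable findings; an empty list means nothing was detected."""
    findings = []
    local_addrs = {}   # every address the firewall itself owns -> interface name
    connected = []     # directly connected networks; a static route's next hop must be on one
    for itf in interfaces:
        nets = [ipaddress.ip_interface(a) for a in itf.addrs]
        for n in nets:
            local_addrs[n.ip] = itf.name
            connected.append(n.network)
        subnets = sorted({str(n.network) for n in nets})  # 192.168.3.1/21 normalises to 192.168.0.0/21
        if len(subnets) > 1:
            findings.append(f"{itf.name}: more than one subnet on a single interface "
                            f"({', '.join(subnets)}); give each LAN its own interface or VLAN")
    for r in routes:
        gw = ipaddress.ip_address(r.gateway)
        prefix = ipaddress.ip_network(r.prefix)
        tag = f"static route {r.prefix} via {r.gateway}"
        if gw in local_addrs:
            findings.append(f"{tag}: next hop is this firewall's own address on "
                            f"{local_addrs[gw]}, so the route points back at the firewall itself")
        if gw in prefix:
            findings.append(f"{tag}: next hop lies inside the destination prefix, so "
                            f"reaching the gateway selects this same route again")
        if prefix in connected:
            findings.append(f"{tag}: {r.prefix} is already directly connected; no static route is needed")
        if not any(gw in net for net in connected):
            findings.append(f"{tag}: next hop is not on any directly connected network")
    return findings


# Constructed from the thread: both LANs on ETH2 plus the static route added afterwards.
AS_POSTED = lint_routing([Interface("ETH2", ["192.168.3.1/21", "172.16.1.253/24"])],
                         [StaticRoute("172.16.1.0/24", "172.16.1.253")])
# Constructed alternative: LAN2 on its own interface (ETH3 is an assumed name), no static route.
SEPARATE = lint_routing([Interface("ETH2", ["192.168.3.1/21"]),
                         Interface("ETH3", ["172.16.1.253/24"])], [])
```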


  • @bascom_joshg
    So you have both subnets set up on a single interface?
    If you need more interfaces get a VLAN capable switch!


  • @viragomann
    All of the additional switch interfaces are available on the front of the NG except 1 and 2. I was reading through old forum posts and found where someone was able to resolve their routing issue by using a VIP in the Netgate, figured it wouldn't hurt for me to try the same thing.

    I'll go back to the separate interfaces approach and try to config again, but I feel like I'm missing something. I have a 3750 behind the Netgate, so I could VLAN it that way as well, but I would prefer not to, since the NG will be doing the routing anyway.