Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LAN routing to VLANS

    Routing and Multi WAN
    4
    29
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Malicair @viragomann
      last edited by

      @viragomann

      I created a LAN gateway of 192.168.50.2 and setup a route for destination addresses of 10.10.x.x to that GW. Is this sufficient?

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @Malicair
        last edited by viragomann

        @malicair
        Yes, but don’t state it in the LAN interface settings, only in System > Routing > Gateways.

        However, also this does only matter on inbound connections.

        M 2 Replies Last reply Reply Quote 0
        • M
          Malicair @viragomann
          last edited by

          @viragomann
          I did not change any settings in interfaces > LAN

          I went to System > Routing > Gateway and created the following:
          Interface: LAN
          Gateway: 192.168.50.2

          Then into System > Routing > Static Routes and created the following:
          Destination Network: 10.0.0.0 /28
          Gateway: (selected 192.168.50.2)

          NAT > Outbound:
          4ae756d0-029c-40fc-ab75-cc47c382d529-image.png

          I'm still not getting connectivity.
          When I look at the firewall log I see both LAN and WAN deny of 10.x clients

          V 1 Reply Last reply Reply Quote 0
          • M
            Malicair @viragomann
            last edited by

            @viragomann
            FYI: It's late here.. going to pause until morning.

            Thanks!

            1 Reply Last reply Reply Quote 0
            • V
              viragomann @Malicair
              last edited by

              @malicair said in LAN routing to VLANS:

              When I look at the firewall log I see both LAN and WAN deny of 10.x clients

              Can you post a screenshot, please?

              M 2 Replies Last reply Reply Quote 0
              • M
                Malicair @viragomann
                last edited by

                @viragomann
                Want to circle back with you regarding the /28 designation that you referred to previously. As I understand it a /28 only has 15 addresses so a 10.0.0.0 would have a range of 10.0.0.0-10.0.0.15. Whereas a /8 would provide a range from 10.0.0.0-10.255.255.255 which would cover all 10.x addresses. Shouldn't I be applying a rule with a /8 to cover each of the VLans I have within 10.10.x.x & 10.20.x.x (10.10.8.x, 10.10.10.x, 10.10.14.x, 10.20.0.0)?

                V 1 Reply Last reply Reply Quote 0
                • M
                  Malicair @viragomann
                  last edited by

                  @viragomann
                  Here is a screen shot of the firewall syslog:
                  7e7cb0dc-409e-44cd-b80b-0315281aa57e-image.png

                  1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @Malicair
                    last edited by

                    @malicair
                    Yes, I was tired yesterday evening.
                    For your networks you need at least 10.0.0.0/11 (10.0.0.0 - 10.31.255.255).
                    Or even add a separate route for each subnet.

                    Also the blocks by the firewall results of the too small range.

                    M 1 Reply Last reply Reply Quote 0
                    • M
                      Malicair @viragomann
                      last edited by

                      @viragomann
                      OK, seems that I have full connectivity working now. :)

                      I created rules for both the WAN and LAN interfaces allowing the traffic for the 10.0.0.0/8 network. Initially I had a mistake in only allowing TCP, which showed up in the syslogs so changed that to ANY and now my clients are connecting.

                      After multiple days of chasing the configuration I'm quite happy that it's now working. THANKS MUCH!!

                      Now onto my next step of getting the NORDVPN working. (AFTER SAVING MY CONFIG!)

                      Cheers and have a great day!

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.