Routing between local subnets (on one interface each)
-
Hi.
Here is my Configuration for now:
iam using the "pfSense-1.2.2-Embedded.img" on "alix.2d3" Hardware
configured Interfaces:
LAN [vr0] as 192.168.0.1 client Network
WAN [vr1] as 192.168.178.3 static I-Net Connection over another Router(192.168.178.1)
OPT1[vr2] as 192.168.242.1 client NetworkFW-Rules:
For LAN: Pass # ANY Protocol # LAN -> ANY
For WAN: Standard(Block private networks, Block bogon networks)
For OPT1: Pass # ANY Protocol # OPT1 -> ANYThe Problem is that there is no Routing between the two Subnets
so no Ping or any traffic between, either from "LAN -> Opt1" or "Opt1 to LAN".must i activate routung between the two Subnets manually via console?
Is there a FreeBSD "gateway_enable="YES"" switch?Can anybody please help?
-
From your configuration, it looks as if you have another device functioning as the NAT/PAT Translator/Stateful inspection/firewall function (your WAN interface is numbered in private address space), so perhaps you need to turn off the firewall feature in pfSense in the advanced section to make it a straight router?
Its in the "Traffic Shaper and Firewall Advanced" section of the Advanced page labeled "Disable all packet filtering".
Also, blocking private networks and bogons on your WAN will prevent any 192.168.x traffic from the upstream router since 192.168.x traffic is defined as private.
As for routing between LAN's in firewall mode, Im not sure pfSense was designed for that. Cisco, Sonicwall, and other commercial firewall vendors generally dont recommend routing with your firewall appliance. Layer 3 switches, router appliances, Windows/Linux/BSD boxes with Quagga or other routing software is usually best.
Windows server with RRAS enabled actually isnt too bad a router since Microsoft's routing engine in their server has been based on license Bay Networks code from back in the 2000 days.
-
Problems solved!
The Problem was me, not pfSense,
but although thank you for your reply ITCoresys.I didn't know or remind that Windows ICMP-Ping(Reply) is deactivated by default on actual Windows Machines. So there even is no "Linux, Unix,…-Ping" if you have activated Windows-Shares on machine A and B and of course opened corresponding Ports in the FW.
So there is a "Windows-Ping" which only works under Windows machines in the same Subnet. The "ICMP-Ping-Reply" must be manually activated at your Windows-Machines of which you want to get an answer(for windows XP and higher i think).
Maybe If you have a Wins-Server in both Subnets which are integrated as DNS-Server, the ICMP-Ping(by IP!) may work. I didn't test it, but Windows-Shares over a router only work when you've such Servers in your Subnets as I think due to my test. Even connect to a Windows-Share by IP (\%IPAddress%) over the router didn't work! I don't know why, and there are meanings that this should work! Maybe someone can get me some information for that - so for now i think i must have a Windows Server(which is solving "some" requests?) in both Subnets to use any type of Windows-Share over a Router.
I've tested it with Windows732(Final) as A and Vista64 as B and as iam using Win-Server(as DNS Entry only for my Clients that are not in Domain) in both subnets there where no problems anymore - What a s***!
Maybe it is also helpfull to mention that of course I've used IPv4 only.
Hopefully this would help someone else which such a halfknowledge like me.
Thanks to pfSense for such a great product!