Netgate Discussion Forum

Connecting two subnets with pfsense router

  • C
    calebnetworking
    last edited by calebnetworking Feb 6, 2024, 4:28 AM Feb 6, 2024, 4:26 AM

    Hi, I have used VirtualBox to create 3 virtual machines, 2 with Debian OS which will act as host and client and 1 for pfSense. The IP addresses of my Debian VMs are static, along with my IPs for em1, em2 and em3 interfaces on the router.

    I am trying to send a ping from IOT (172.16.160.2) to debianuser (10.1.1.2) and vice versa, but I am getting a "ping: connect: Network is unreachable" on both machines.

    My current understanding of what should have happened:

    1. Host 172.16.160.2 sends a ping to client 10.1.1.2
    2. ARP request sent to local gateway (172.16.160.1) on the router
    3. Router checks destination IP address against all reachable interfaces (em0, em1, etc.) till the final hop reaches a gateway which can locally reach the destination IP (gateway 10.1.1.1).
    4. Client 10.1.1.2 sends an ARP reply
    5. Router adds the MAC/IP information to its ARP cache
    6. Host is able to send a ping to client

    This section will contain more information about the setup, accompanied by screenshots.

    1. List of interfaces - em0, em1, em2 and em3.

    2. pfSense firewall rules for LAN - I added a rule to accept everything from IPv4

    3. pfSense firewall rules for OPT1 - I added a rule to accept everything from IPv4

    4. OS Firewall rules of debianuser (10.1.1.2) - No firewall rules, I added the chains previously

    5. OS Firewall rules for client (172.16.160.2) - No firewall rules

    6. Gateways

    Questions

    1. Why is the host unable to ping the client? I assume that the routing is done automatically when internal networks are connected directly to the router.
    2. It makes sense for there to be switches to redirect the traffic to the correct device on a LAN. However, I am not sure if it is set up by default. I am also unable to find the switch settings on the pfSense web GUI under Interface > Switch. Do I have to set those up to route?

    Thank you for reading! I will appreciate any input you'd have for me!

    • S
      SteveITS Galactic Empire @calebnetworking
      last edited by Feb 6, 2024, 6:21 AM

      @calebnetworking it should “just work.”

      The Switch menu in pfSense is for Netgate models with built in switches so not relevant. Instead check Diagnostics/Routes.

      Is the netmask correct on all interfaces? Gateway correct (pfSense) on the two devices?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • C
        calebnetworking @SteveITS
        last edited by Feb 6, 2024, 6:51 AM

        @SteveITS Thank you so much for your reply! I did not know that I had to set a default gateway for my devices. I am able to ping the two devices now after setting those up. 👍

        • S
          SteveITS Galactic Empire @calebnetworking
          last edited by Feb 6, 2024, 7:18 AM

          @calebnetworking Yep the gateway is for “not my network, send to something that knows better.” :)

          • S
            stephenw10 Netgate Administrator
            last edited by Feb 6, 2024, 7:58 AM

            You should not have gateways set on LAN or OPT1 (or possibly OPT2). Only the WAN should have a gateway set for pfSense and that is added automatically for DHCP.

            When you add a gateway to an interface pfSense treats it as a WAN and that is not the case for LAN or OPT1.

            Additionally whatever is at 10.0.2.2 is not responding to ping. That's probably because it's the VBox NAT host. You should set some external IP address for pfSense to monitor on the WAN.

            Steve
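
The default-gateway fix reported earlier in this thread, modelled as an added example (not code from any poster): a host does a longest-prefix route lookup before it sends or ARPs for anything, so "Network is unreachable" is produced locally and pfSense firewall rules never come into play. The /24 masks are an assumption, since the thread does not state them, and the routing tables are constructed.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match, as a host's kernel does before sending anything.

    table: list of (prefix, gateway_or_None) tuples.
    Returns the next-hop IP the host would ARP for, or None when no route
    matches (the case ping reports as "Network is unreachable").
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    # On-link route: ARP for the destination itself. Otherwise ARP for the gateway.
    return str(dst) if best[1] is None else best[1]

def ping(tables, src, dst):
    """Check the request path and the reply path; both hosts need a usable route."""
    if lookup(tables[src], dst) is None:
        return f"{src}: Network is unreachable"
    if lookup(tables[dst], src) is None:
        return f"{dst}: no route for the reply"
    return "ok"

# Constructed tables. The /24 masks are an assumption (not stated in the thread).
IOT, DEBIANUSER = "172.16.160.2", "10.1.1.2"
before = {  # static IP only: each host knows just its connected subnet
    IOT: [("172.16.160.0/24", None)],
    DEBIANUSER: [("10.1.1.0/24", None)],
}
after = {   # default route pointing at the pfSense interface on each subnet
    IOT: before[IOT] + [("0.0.0.0/0", "172.16.160.1")],
    DEBIANUSER: before[DEBIANUSER] + [("0.0.0.0/0", "10.1.1.1")],
}
half = {IOT: after[IOT], DEBIANUSER: before[DEBIANUSER]}  # only one host fixed

if __name__ == "__main__":
    print("before:", ping(before, IOT, DEBIANUSER))
    print("half:  ", ping(half, IOT, DEBIANUSER))
    print("after: ", ping(after, IOT, DEBIANUSER))
    print("ARP target for 10.1.1.2 from IOT:", lookup(after[IOT], DEBIANUSER))
```

On a real Debian host, `ip route get 10.1.1.2` performs the same lookup against the live routing table.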

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.