Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connecting two subnets with pfsense router

    Scheduled Pinned Locked Moved
    General pfSense Questions
    route gateway router internal
    3
    5
    511
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      calebnetworking
      last edited by calebnetworking

      Hi, I have used virtualbox to create 3 virtual machines, 2 with debian OS which will act as host and client and 1 for pfsense. The IP addresses of my debian VMs are static, along with my IPs for em1, em2 and em3 interfaces on the router.
      Untitled Diagram-Page-8.png

      I am trying to send a ping from IOT (172.16.160.2) to debianuser (10.1.1.2) and vice versa, but I am getting a "ping: connect: Network is unreachable" on both machines.

      My current understanding of what should have happened:

      1. Host 172.16.160.2 sends a ping to client 10.1.1.2
      2. ARP request sent to local gateway (172.16.160.1) on the router
      3. Router checks destination IP address against all reach-able interface (em0, em1, etc) till the final hop reaches a gateway who can locally reach the destination IP (gateway 10.1.1.1).
      4. Client 10.1.1.2 sends an ARP reply
      5. Router adds the MAC/IP information to its ARP cache
      6. Host is able to send a ping to client

      This section will contain more information of the set up, accompanied by screenshots.

      1. List of interfaces - em0, em1, em2 and em3.
        interfaces.PNG
        928c7ded-a9d4-445b-82cd-ee9aceaaee26-image.png
        6ddfe322-ecb1-4763-bb01-80bfdf43559c-image.png
        7e792612-5009-4380-bf99-5d5209c8f4bf-image.png
        787f96cf-f501-4ce7-9875-04ee8ad9dfa1-image.png

      2. PFsense Firewall rules for LAN - I added a rule to accept everything from IPv4
        5040a28e-9996-431b-bf3e-feb27525f609-image.png

      3. PFsense Firewall rules for OPT1 - I added a rule to accept everything from IPv4
        43b53369-252a-48fa-92db-d25d414f1d67-image.png

      4. OS Firewall rules of debianuser (10.1.1.2) - No firewall rules, I added the chains previously
        3f423cfa-46a3-45f3-892e-253b82018a27-image.png

      5. OS Firewall rules for client (172.16.160.2) - No firewall rules
        6a898b0e-b858-4df2-b3d3-75a14a5465be-image.png

      6. Gateways
        5f6d01c1-c776-44c0-8f27-57a5eef3ef53-image.png

      Questions

      1. Why is the host unable to ping the client? I assume that the routing is done automatically when internal networks are connected directly to the router.
      2. It makes sense for there to be switches to redirect the traffic to the correct device on a LAN. However, I am not sure if it is set up by default. I am also unable to find the switch settings on the Pfsense web GUI under Interface > Switch. Do I have to set those up to route?

      Thank you for reading! I will appreciate any input you'd have for me!

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @calebnetworking
        last edited by

        @calebnetworking it should โ€œjust work.โ€

        The Switch menu in pfSense is for Netgate models with built in switches so not relevant. Instead check Diagnostics/Routes.

        Is the netmask correct on all interfaces? Gateway correct(pfSense) on the two devices?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote ๐Ÿ‘ helpful posts!

        C 1 Reply Last reply Reply Quote 1
        • C
          calebnetworking @SteveITS
          last edited by

          @SteveITS Thank you so much for your reply! I did not know that I had to set a default gateway for my devices. I am able to ping the two devices now after setting those up. ๐Ÿ‘

          S 1 Reply Last reply Reply Quote 1
          • S
            SteveITS Rebel Alliance @calebnetworking
            last edited by

            @calebnetworking Yep the gateway is for โ€œnot my network, send to something that knows better.โ€ :)

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote ๐Ÿ‘ helpful posts!

            1 Reply Last reply Reply Quote 1
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              You should not have gateways set on LAN or OPT1. (or possibly OPT2). Only the WAN should have a gateway set for pfSense and that is added automatically for DHCP.

              When you add a gateway to an interface pfSense treats it as a WAN and that is not the case for LAN or OPT1.

              Additionally whatever is at 10.0.2.2 is not responding to ping. That's probably because it's the VBox NAT host. You should set some the external IP address for pfSense to monitor on the WAN.

              Steve

              1 Reply Last reply Reply Quote 1
              • First post
                Last post