Reaching an ip in a different subnet / vlan
-
Hi,
I have a setup with the following vlans:
TV-system:
Vlan 110
IP/Subnet- 10.40.0.0/16 (GW: 10.40.0.1)TV-stream supplier:
Vlan 73
IP/Subnet - 10.40.73.0/24 (GW: 10.40.73.1)
IP/Subnet - 192.168.20.0/24 (TV-streams) (Virtual IP 192.168.15.210)I need to access the TV-streams in vlan 73 on IP 192.168.20.15 from the Vlan 110 network (and an 10.40.0.0/16 adress)
How can I do this? I have been messing around with rules and NAT, but i don`t seem to get any traffic trough.
-
@uggiz you understand your 10.40/16 overlaps with your 10.40.73/24
if you want those 2 networks to talk to each other.. change one so they don't overlap, say make it 10.40.0/24, or change it to 10.50/16, or change your 10.40.73 to 10.50.73/24, etc..
Your going to have nothing but problems trying to run networks that overlap - how did you even create those - pfsense will not allow you to create overlapping interfaces.
Also - your running multiple layer 3 on the same layer 2, why?
-
Yup, that^
But also streaming video like that is usually multicast traffic requiring igmpproxy or pimd etc.
Steve
-
The 10.40.73/24 was not setup by me, but a supplier of the TV streams. This has been changed to 10.41.0.0/24 now, so I guess this should be good?
I still cannot reach 192.168.15.20 (which is in the same vlan as10.41.0.0/24) from the 10.40.0.0/16 network. Any ideas?
-
@uggiz doesn't matter who created it - pfsense wont let you create a network that overlaps..
You get an error like this.
Why are you running multiple layer 3 on the same layer 2?
192.168.15.20 (which is in the same vlan as10.41.0.0/24)
But if you create a vip on pfsense interface in network X, you can run multiple layer 3 on the same layer 2.. But its not a very good idea to do such a thing.. Really the only reason would be during transition from one IP scheme to a different IP scheme.
Do you rules allow access to this vip network? from the 10.40 network, are you policy routing that would cause you issues?
-
@johnpoz
Things have changed now, and I see that I may have had some mistakes in the first posts, things are as follows:10.41.0.0/24 - I now only need to reach 10.41.0.1 on this network (Dont think about the 192.168.15.0/24)
10.40.0.0/16 - This was a mistake from my side, i have 10.40.0.0/24 setup on the pfsense (As you said, there is a nasty error message if you try to setup a /16 network)
But, I still cannot reach 10.41.0.1 from an ip in the 10.40.0.0/24 vlan.. What am I missing? I have allow rules back and forth, even tried with any/any rules. Normally this just works, but now i`m a bit stuck.
-
@uggiz so this 10.40.0.x/24 device on vlan A, it can ping pfsense? It has its gateway set to pfsense IP, ie 10.40.0.y ?
If it can, and its gateway is pfsense and you want to get to some other vlan connected to pfsense, ie vlan B.. The rules on vlan A would need to allow that.. What are you rules on this 10.40.0 interface?
Do you have any rules in floating?
Common issue I have seen is users setup policy routing to send traffic out the dhcp gateway or some vpn gateway.. but without seeing your rules on this 10.40.0 interface in pfsense, and if any floating those.. I can not really say what you might have wrong.
But first things first, to be able to get to some other network off of pfsense, the client needs to be able to get to pfsense, and it needs to be using it as its gateway to get off the network.
-
Mmm what are the devices in these subnets you are testing between?
The fact you mentioned 'TV-stream supplier' initially makes me thing there is more in play here than simply routing between two subnets.
