4. 1 WAN/Multiple LAN Subnet Routing problem???

1 WAN/Multiple LAN Subnet Routing problem???

  • T

    I've known of pfsense for a long time, but today is the first time trying it out.
    I'm currently rebuilding my lab network, which used to consist of FreeBSD v7.2 as a firewall/router, and 2 Vyatta v4 routers.
    Everyone played nice, and things were great.
    I'm rebuilding the network using pfsense 1.2.2 and 1 Vyatta v5  router that sits on multiple networks.
    The network is basically the same as how it was built before, but for some reason, I cannot figure out why clients behind the router cannot ping the internet.

    Here is a simplified diagram of the network ->
    http://imagebin.ca/view/jPPqsh8.html

    The client PC can ping the vyatta router, can ping the firewall, but cannot ping the internet.
    I'm using the RIP protocol on both pfsense and vyatta to figure to out the routing.
    I do not remember if I did anything else special, but for some reason, I cannot get the clients to ping past the firewall.  I modified the firewall rules so that it doesn't block the internal LAN.

    I can ping the IP address of the modem, but cannot get to my ISP's gateway.
    I believe I have a routing issue.  Here is what my routing table looks like ->
    http://imagebin.ca/view/0_NovTpA.html

    Can anyone see what my problem is and suggest a fix.

    Thanks

    0
  • T

    I figured out the problem.
    I turned off Automatic outbound NAT, and set an appropriate source range, and it automagically started working.
    Thanks for looking..

    0

  • Hmm.
    Not sure why you have this behaviour.
    According to cmb:
    @http://forum.pfsense.org/index.php/topic:

    All locally connected subnets, whether locally attached or configured via static route automatically have outbound NAT rules created for every WAN interface. This is true in 1.2 RC versions and newer at least, probably some 1.2 beta releases prior to RC. I don't recall exactly when it was added but it's been that way for a while. You only need AON if you require static port or have some complex NAT needs requiring you to disable the aforementioned automatic behavior.

    the outbound NAT rule should automatically be created.
    Maybe it doesn't work automatically because the route is added via RIP.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy