Netgate Discussion Forum

Routing through a new Netgate 6100

Routing and Multi WAN
    viragomann @lowbug
    last edited by Jan 9, 2025, 9:46 AM

    @lowbug said in Routing through a new Netgate 6100:

    The netgate default gateway wan interface goes to the customer network.

    Did you state the upstream gateway in the WAN interface settings?

    We can ping from the netgate to the wan customer device on 10.209.209.65

    According to your graphic, this IP is outside of pfSense WAN subnet 10.209.209.0/26. (?)
    So obviously some of the stated data are wrong.

      Gertjan @lowbug
      last edited by Gertjan Jan 9, 2025, 10:03 AM

      @lowbug said in Routing through a new Netgate 6100:

      We can ping a device on the customer network 11.2.33.120

      The customer network uses IPs that exist also on the Internet ?
      11.2.... is not RFC1918.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        NogBadTheBad @Gertjan
        last edited by Jan 9, 2025, 10:32 AM

        @Gertjan said in Routing through a new Netgate 6100:

        @lowbug said in Routing through a new Netgate 6100:

        We can ping a device on the customer network 11.2.33.120

        The customer network uses IPs that exist also on the Internet ?
        11.2.... is not RFC1918.

        Seen who owns that address space!

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          lowbug
          last edited by Jan 9, 2025, 11:24 AM

          Hi, I made the 11. address up, the customer does run a range.
          Sorted it. I required a rule in the Netgate firewall to allow the 192.168.2.x, 192.168.253.x, 192.168.6.x in from the LAN side. The Netgate was only expecting its own LAN subnet, not the subnets in the diagram to the left of that.

          yay! Thanks all :)

            lowbug
            last edited by Jan 30, 2025, 12:57 PM

            It seems I didn't quite fix this... So we can see that when users are on VPN to our main firewall (coming from a 172.16 address; left-hand side firewall, not shown in image) they can't get through the Netgate. They can ping the 192.168.100.101, but if they traceroute to a known address in the 10.209.209.0 network (or any network beyond that) it gets to the Netgate at 192.168.100.101 but is then dropped.

            I have checked the WAN and LAN firewall rules on the Netgate and it doesn't look like the firewall is blocking it. I don't know why it's doing this and not routing it forward to the 10.209.209.x LAN. Checking the firewall logs, there is nothing from the 172. address at all?

            Please help :(

              Gertjan @lowbug
              last edited by Jan 30, 2025, 1:38 PM

              @lowbug said in Routing through a new Netgate 6100:

              it gets to the netgate at 192.168.100.101 but is then dropped

              Is 192.168.100.101 the pfSense WAN ?
              Does pfSense know what to do with this traffic ?

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                lowbug @Gertjan
                last edited by Jan 30, 2025, 1:41 PM

                @Gertjan Thanks. 192.168.100.101 is the Netgate LAN address; 10.209.209.121 is the Netgate WAN address.

                  Gertjan @lowbug
                  last edited by Jan 30, 2025, 1:47 PM

                  @lowbug

                  Humm. Ok, so pfSense should know what to do with it.
                  Only LAN firewall rules might stop traffic then.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                    lowbug @Gertjan
                    last edited by Jan 30, 2025, 2:22 PM

                    @Gertjan Ok I will recheck them now

                      lowbug @lowbug
                      last edited by Jan 31, 2025, 9:44 AM

                      I have set a rule to allow anything from the network 172.16.14.0/24 to any network, but still, it doesn't work.

                        Gertjan @lowbug
                        last edited by Jan 31, 2025, 10:26 AM

                        @lowbug

                        Before the rule you can see 'counters'.
                        Like these :

                        ec743d53-134a-416d-9504-ad11fa52b0f6-image.png

                        If it stays at 0/0, the rule wasn't used ... = no matching traffic.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??
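
Added example (not from any poster in this thread): a simplified first-match model of the LAN rule set discussed above, showing why sources outside the firewall's own LAN subnet fall through to the implicit deny until a rule names them, and how a per-rule counter that stays at zero means no packet ever matched that rule. Assumptions: the /24 prefix lengths for the LAN and the 192.168.x subnets, the sample host addresses, and a plain hit count standing in for the GUI counter column.

```python
import ipaddress

# Assumption: the thread never gives the LAN prefix length; /24 is assumed.
LAN_NET = "192.168.100.0/24"
# Subnets named in the thread; the /24 on the 192.168.x ones is assumed.
EXTRA_NETS = ("192.168.2.0/24", "192.168.253.0/24",
              "192.168.6.0/24", "172.16.14.0/24")
# Constructed sample sources, one host per subnet.
SOURCES = ["192.168.100.50", "192.168.2.10", "192.168.253.10",
           "192.168.6.10", "172.16.14.20"]


class Rule:
    def __init__(self, action, source, label):
        self.action = action
        self.source = ipaddress.ip_network(source)
        self.label = label
        self.hits = 0  # simplified stand-in for the rule counter in the GUI


def evaluate(rules, src_ip):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if src in rule.source:
            rule.hits += 1
            return rule.action, rule.label
    return "block", "implicit default deny"


def run(rules, sources):
    """Evaluate each source address and return {src: (action, label)}."""
    return {src: evaluate(rules, src) for src in sources}


def default_rules():
    # Only the firewall's own LAN subnet is allowed as a source.
    return [Rule("pass", LAN_NET, "allow LAN net to any")]


def extended_rules():
    # Adds one pass rule per routed subnet behind the LAN interface.
    return default_rules() + [
        Rule("pass", net, f"allow {net} to any") for net in EXTRA_NETS]


if __name__ == "__main__":
    for name, rules in (("default", default_rules()),
                        ("extended", extended_rules())):
        print(name)
        for src, (action, label) in run(rules, SOURCES).items():
            print(f"  {src:16} {action:5} {label}")
        for r in rules:
            print(f"  counter[{r.label}] = {r.hits}")
```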
