Netgate Discussion Forum

    Routing through a new Netgate 6100

    Routing and Multi WAN
    • Gertjan @lowbug

      @lowbug said in Routing through a new Netgate 6100:

      We can ping a device on the customer network 11.2.33.120

      The customer network uses IPs that also exist on the Internet?
      11.2.... is not RFC1918.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • NogBadTheBad @Gertjan

        @Gertjan said in Routing through a new Netgate 6100:

        @lowbug said in Routing through a new Netgate 6100:

        We can ping a device on the customer network 11.2.33.120

        The customer network uses IPs that also exist on the Internet?
        11.2.... is not RFC1918.

        Seen who owns that address space!

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • lowbug

          Hi, I made the 11. address up, the customer does run a range.
          Sorted it, I required a rule in the Netgate firewall to allow the 192.168.2.x, 192.168.253.x, 192.168.6.x in from the LAN side. The Netgate was only expecting its own LAN subnet, not the subnets in the diagram to the left of that.

          yay! Thanks all :)

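The rule gap described in the post above, as an added example that is not part of the original thread: a simplified first-match model of the LAN rule set, showing why sources in subnets routed in behind the LAN are dropped until they get their own pass rule. The /24 prefix lengths, the LAN network 192.168.100.0/24 and all function names are assumptions made for illustration.

```python
import ipaddress

# Simplified model (assumption): rules on one interface are evaluated top-down,
# first match wins, and anything unmatched hits the implicit default deny.
LAN_NET = "192.168.100.0/24"  # assumed prefix; the thread only gives 192.168.100.101

# Stock LAN rule: source is "LAN net", i.e. only the interface's own subnet.
DEFAULT_RULES = [("pass", LAN_NET, "Default allow LAN to any")]

# Subnets named in the post (written there as .x, assumed /24 here).
ROUTED_SUBNETS = ["192.168.2.0/24", "192.168.253.0/24", "192.168.6.0/24"]


def evaluate(rules, src_ip):
    """Return (action, description) of the first rule whose source holds src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for action, source, descr in rules:
        if addr in ipaddress.ip_network(source):
            return action, descr
    return "block", "implicit default deny"


def uncovered_sources(rules, subnets):
    """List subnets that no pass rule's source fully contains.

    Earlier block rules are ignored, so this is a coverage check only.
    """
    passes = [ipaddress.ip_network(s) for a, s, _ in rules if a == "pass"]
    return [s for s in subnets
            if not any(ipaddress.ip_network(s).subnet_of(p) for p in passes)]


def with_routed_sources(rules, subnets):
    """Return the rule set extended with one pass rule per routed subnet."""
    return rules + [("pass", s, f"Allow routed subnet {s}") for s in subnets]


if __name__ == "__main__":
    print(evaluate(DEFAULT_RULES, "192.168.100.50"))   # host on the LAN itself
    print(evaluate(DEFAULT_RULES, "192.168.2.10"))     # host behind the LAN
    print(uncovered_sources(DEFAULT_RULES, ROUTED_SUBNETS))
    fixed = with_routed_sources(DEFAULT_RULES, ROUTED_SUBNETS)
    print(evaluate(fixed, "192.168.2.10"))
```
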
          • lowbug

            It seems I didn't quite fix this... So we can see that when users are on VPN to our main firewall (coming from a 172.16 address; left-hand side firewall, not shown in image) they can't get through the Netgate. They can ping the 192.168.100.101, but if they traceroute to a known address in the 10.209.209.0 network (or any network beyond that) it gets to the Netgate at 192.168.100.101 but is then dropped.

            I have checked the WAN and LAN firewall rules on the Netgate and it doesn't look like the firewall is blocking it. I don't know why it's doing this and not routing it forward to the 10.209.209.x LAN. Checking the firewall logs there is nothing from the 172. address at all?

            Please help :(

            • Gertjan @lowbug

              @lowbug said in Routing through a new Netgate 6100:

              it gets to the Netgate at 192.168.100.101 but is then dropped

              Is 192.168.100.101 the pfSense WAN?
              Does pfSense know what to do with this traffic?

              • lowbug @Gertjan

                @Gertjan Thanks. 192.168.100.101 is the Netgate LAN address; 10.209.209.121 is the Netgate WAN address.

                • Gertjan @lowbug

                  @lowbug

                  Humm. Ok, so pfSense should know what to do with it.
                  Only LAN firewall rules might stop traffic then.

                  • lowbug @Gertjan

                    @Gertjan Ok I will recheck them now

                    • lowbug @lowbug

                      I have set a rule to allow anything from the network 172.16.14.0/24 to any network, but still, it doesn't work.

                      • Gertjan @lowbug

                        @lowbug

                        Before the rule you can see 'counters'.
                        Like these:

                        [image]

                        If it stays at 0/0, the rule wasn't used ... = no matching traffic.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.