[Solved] Multiple Subnets (VLANs) behind pfSense
First I want to tell you shortly my problem:
Behind my pfSense i have many subnet (vlans) and the problem is that i am not able to get into the internet, when I am in a different subnet than the pfSense is. I read a lot of documentation and most said, that I have to change the NAT to advanced; but this does not help.
10.0.1.0 10.0.2.0 10.0.3.0 and so on
HP L3 Switch
The HP L3 Switch is responsible that the different subnets can commuincate with eatch other. There is no problem with the routes!
First, I had instead of the pfSense an IPCop. There is no problem with the internet connection form other subnets. I had only add an static route with route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.0.1.253 and every subnet could connect to the internet. In pfSense I also added the same static route but other subnets are not able the get in the internet. I also disabled the firewall, but it does not help. All PCs which are in the same subnet with the pfSense get an internet connection.
So I think there is a problem with the firewall or with the NAT. But I don't know what.
Could anybody help me? I did not found a manual which helped me and I searched a lot of hours.
Thanks a lot.
You have to add your "multiple" networks in static routes in pfsense box (to be sure that pfsense is able to route back), for LAN interface. Moreover, be sure you have appropiate rules for that Lan Segments, in policy rules to allow incoming traffic in LAN rules
GruensFroeschli last edited by
You have 2 options:
Either you add additional subnets to the LAN interface
or you create VLANs on the parent interface on which LAN is assigned and configure a trunk on the HP switch.
dotdash last edited by
The route you mentioned was pointing to the box itself, which is not helpful.
You need a route on the pfSense box pointing to the L3 switch. Ideally, the firewall should be on a separate VLAN. e.g.- Let's assume 10.0.1.0/24 is the firewall vlan and there are various devices on vlans from 10.0.2.0/24-10.0.9.0/24. If the switch was 10.0.1.1 on the firewall vlan, you would add a static route to 10.0.0.0/16 (LAN if) gateway 10.0.1.1. You would have to make sure your outbound nat source was 10.0.0.0/16 and that your outbound rule on the LAN was using 10.0.0.0/16 and not "lan subnet".
That's right dotdash the gatey way is xxx.254.
I have reset the pfsense and made the tutorial from GruensFroeschli again and now it functions!!!!
Thanks a lot!!!