Netgate Discussion Forum

    Routing from LAN Subnets not working

    • Guest

      I have the configuration below. All clients in LAN get their IPs from a local DHCP and access the internet without problem, but clients on SUB1 and SUB2 cannot. I've set up the default gateway on the Cisco router pointing to PFSense (172.27.110.155), created routes on PFSense to SUB1 and SUB2, and created an alias named "subredes" (including LAN, SUB1 and SUB2), replacing the default LAN rule to use the alias "subredes".
      I can ping from SUB1/SUB2 to PFSense (172.27.110.155), but no traffic goes through PFSense from SUB1 or SUB2 to the internet.

      I'd very much appreciate your help. What could be wrong?

      PFSENSE: VER 2.0-BETA1 built on Wed Mar 31 12:48:43 EDT 2010

        192.168.7.3                  172.27.101.2
         (Client1)                    (Client2)
             |                            |
             |                            |
       192.168.7.0/24              172.27.101.0/24
          (SUB1)                       (SUB2)
             ------(Cisco Router-DHCP)------
                           |
                           |
                   172.27.110.0/23----(Client0)
                         (LAN)
                           |
                   (172.27.110.155)
                     (PFSense 2.0)
                         (WAN)
                           |
                           |
                      (Internet)

      • danswartz

        Can you be more specific about the routes you added to pfsense? And I am not sure what LAN rule you are referring to. It would be helpful to post screenshots of the relevant config sections.

        • Guest

          Many thanks for your quick answer. I have attached the rule:

          ![Lan Rule.png](/public/imported_attachments/1/Lan Rule.png)

          • danswartz

            Ah, I think I know what is going on.  Go to Firewall => NAT => Outbound.  It should default to Automatic Outbound NAT?  If so, there is an invisible rule that NATs anything going out WAN from the LAN subnet, but it won't know to NAT the two extra subnets.  Click on Manual Outbound NAT and you will see a rule appear (if I am correct) showing a rule like "172.27.110.0/23 ** * * *" or somesuch.  Rather than add the two new rules, just change the 172.27.110.0/23 to * (there is normally no good reason not to NAT anything going out WAN).

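The distinction drawn in the post above, between the LAN firewall rule passing traffic and outbound NAT translating it, modelled as an added example (not code from the thread or from pfSense). The subnets and the Client1/Client2 addresses come from the first post; the Client0 address and the two-step rule model are assumptions made for illustration.

```python
import ipaddress

# Subnets from the first post.
LAN, SUB1, SUB2 = "172.27.110.0/23", "192.168.7.0/24", "172.27.101.0/24"

# Client1/Client2 addresses are from the post; Client0's is constructed.
CLIENTS = {
    "Client0": "172.27.110.20",
    "Client1": "192.168.7.3",
    "Client2": "172.27.101.2",
}

BLOCKED = "blocked by LAN rule"
NATED = "passed, source rewritten to WAN address"
NOT_NATED = "passed, but leaves WAN with private source (no replies)"


def matches(ip, sources):
    """True if ip falls in any listed network; "any" matches everything."""
    if "any" in sources:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in sources)


def egress_fate(ip, pass_sources, nat_sources):
    """Simplified model: the LAN pass rule is checked, then outbound NAT."""
    if not matches(ip, pass_sources):
        return BLOCKED
    return NATED if matches(ip, nat_sources) else NOT_NATED


def audit(pass_sources, nat_sources):
    """Fate of each sample client under one rule/NAT combination."""
    return {name: egress_fate(ip, pass_sources, nat_sources)
            for name, ip in CLIENTS.items()}


if __name__ == "__main__":
    scenarios = {
        "default LAN rule, automatic NAT": ([LAN], [LAN]),
        "alias rule, automatic NAT": ([LAN, SUB1, SUB2], [LAN]),
        "alias rule, manual NAT source *": ([LAN, SUB1, SUB2], ["any"]),
    }
    for label, (rule, nat) in scenarios.items():
        print(label)
        for name, fate in audit(rule, nat).items():
            print(f"  {name}: {fate}")
```
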
            • Guest

              I've already done it.

              NAT_OutBound.png

              • danswartz

                Are you sure the clients are getting to the pfsense?  e.g. if you do traceroute to external host, what do you see?

                • danswartz

                  Also, if you don't mind my asking, why the extra complication of the cisco router?

                  • danswartz

                    Another question: are you sure the hosts on SUB1 and SUB2 have default gateways pointing to the respective IPs on the cisco?  If not, it may be possible that the SUB1 and SUB2 hosts can see the pfsense LAN IP due to proxy arp on the cisco…

                    • Guest

                      danswartz,

                      Many thanks for your help. Answering your questions:

                      1.- I've enabled squid proxy in transparent mode and now clients at SUB1 and SUB2 can navigate. That works very well for http traffic, but I need more control over other kinds of traffic, like VPN access to remote services. So, answering your questions, the default gateway is OK and all traffic is directed to PFsense; the problem is that all traffic is blocked somewhere.

                      2.- Why the Cisco router: simply, it's there, and we have a Wifi subnet and a VoIP subnet based on Cisco solutions, and I can't remove it.

                      So I still don't know where the problem is.

                      Thanks for your help
                      Alfredo

                      • danswartz

                        Okay, but can you do a traceroute to an external host from SUB1 or SUB2 hosts and post that like I asked?

                        • Guest

                          As nothing worked as expected, I decided to rebuild the pfsense from ISO to the latest version, and now the same configuration works.

                          Many thanks for your help.

                          Regards
                          Alfredo
