    Routing from LAN Subnets not working

    Firewalling
    • ?
      Guest last edited by

      I have the configuration below. All clients in the LAN get their IPs from a local DHCP and access the internet without problem, but clients on SUB1 and SUB2 cannot. I've set up the default gateway on the Cisco router pointing to PFSense (172.27.110.155), created routes on PFSense to SUB1 and SUB2, and created an alias named "subredes" (including LAN, SUB1 and SUB2), replacing the default LAN rule to use the alias "subredes".
      I can ping from SUB1/SUB2 to PFSense (172.27.110.155), but no traffic goes through PFSense from SUB1 or SUB2 to the internet.

      I'd very much appreciate your help. What could be wrong?

      PFSENSE: VER 2.0-BETA1 built on Wed Mar 31 12:48:43 EDT 2010

        192.168.7.3                          172.27.101.2
         (Client1)                            (Client2)
             |                                    |
             |                                    |
       192.168.7.0/24                      172.27.101.0/24
           (SUB1)                              (SUB2)
             ---------(Cisco Router-DHCP)---------
                              |
                              |
                      172.27.110.0/23----(Client0)
                            (LAN)
                              |
                      (172.27.110.155)
                       (PFSense 2.0)
                            (WAN)
                              |
                              |
                         (Internet)

      • D
        danswartz last edited by

        Can you be more specific about the routes you added to pfsense.  And I am not sure what LAN rule you are referring to.  It would be helpful to post screenshots of the relevant config sections.

        • ?
          Guest last edited by

          Many thanks for your prompt answer. I have attached the rule:

          ![Lan Rule.png](/public/imported_attachments/1/Lan Rule.png)

          • D
            danswartz last edited by

            Ah, I think I know what is going on.  Go to Firewall => NAT => Outbound.  It should default to Automatic Outbound NAT?  If so, there is an invisible rule that NATs anything going out WAN from the LAN subnet, but it won't know to NAT the two extra subnets.  Click on Manual Outbound NAT and you will see a rule appear (if I am correct) showing a rule like "172.27.110.0/23 ** * * *" or somesuch.  Rather than add the two new rules, just change the 172.27.110.0/23 to * (there is normally no good reason not to NAT anything going out WAN).

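The check danswartz describes above, as an added example that is not part of the original posts: given the outbound NAT rules on WAN, list which internal subnets from the diagram are not translated. The pf-style rule lines are constructed for illustration and the WAN interface name `em0` is an assumption.

```python
import ipaddress
import re

# Subnets taken from the diagram in the thread.
INTERNAL = {
    "LAN": "172.27.110.0/23",
    "SUB1": "192.168.7.0/24",
    "SUB2": "172.27.101.0/24",
}

# Constructed pf-style rules; "em0" as the WAN interface is an assumption.
AUTOMATIC = ["nat on em0 from 172.27.110.0/23 to any -> (em0)"]
MANUAL_ANY = ["nat on em0 from any to any -> (em0)"]
MANUAL_PER_SUBNET = AUTOMATIC + [
    "nat on em0 from 192.168.7.0/24 to any -> (em0)",
    "nat on em0 from 172.27.101.0/24 to any -> (em0)",
]

NAT_RE = re.compile(r"^\s*nat\s+on\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)\s+->")

def nat_sources(rules, wan_if):
    """Return the source networks translated on wan_if by the given rules."""
    sources = []
    for line in rules:
        m = NAT_RE.match(line)
        if not m or m.group(1) != wan_if:
            continue  # not a nat rule, or not on the WAN interface
        src = "0.0.0.0/0" if m.group(2) == "any" else m.group(2)
        sources.append(ipaddress.ip_network(src))
    return sources

def uncovered(rules, wan_if="em0", internal=INTERNAL):
    """Names of internal subnets that no outbound NAT rule translates."""
    sources = nat_sources(rules, wan_if)
    missing = []
    for name, cidr in internal.items():
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(s) for s in sources):
            missing.append(name)
    return missing

if __name__ == "__main__":
    for label, rules in [("automatic", AUTOMATIC), ("manual any", MANUAL_ANY),
                         ("manual per-subnet", MANUAL_PER_SUBNET)]:
        print(f"{label}: not translated -> {uncovered(rules) or 'none'}")
```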
            • ?
              Guest last edited by

              I've already done it.

              • D
                danswartz last edited by

                Are you sure the clients are getting to the pfsense?  e.g. if you do traceroute to external host, what do you see?

                • D
                  danswartz last edited by

                  Also, if you don't mind my asking, why the extra complication of the cisco router?

                  • D
                    danswartz last edited by

                    Another question: are you sure the hosts on SUB1 and SUB2 have default gateways pointing to the respective IPs on the cisco?  If not, it may be possible that the SUB1 and SUB2 hosts can see the pfsense LAN IP due to proxy arp on the cisco…

                    • ?
                      Guest last edited by

                      danswartz,

                      Many thanks for your help. Answering your questions:

                      1.- I've enabled the squid proxy in transparent mode and now clients at SUB1 and SUB2 can navigate. That works very well for HTTP traffic, but I need more control over other kinds of traffic, like VPN access to remote services. So, answering your questions, the default gateway is OK and all traffic is directed to PFsense; the problem is that all traffic is blocked somewhere.

                      2.- Why the Cisco router? Simply because it's there, we have a WiFi subnet and a VoIP subnet based on Cisco solutions, and I can't remove it.

                      So I still don't know where the problem is.

                      Thanks for your help
                      Alfredo

                      • D
                        danswartz last edited by

                        Okay, but can you do a traceroute to an external host from SUB1 or SUB2 hosts and post that like I asked?

                        1 Reply Last reply Reply Quote 0
                        • ?
                          Guest last edited by

                          As nothing works as expected, I've decided to rebuild the pfsense from ISO to the latest version, and now the same configuration works.

                          Many thanks for your help.

                          Regards
                          Alfredo
