Netgate Discussion Forum

Routing from LAN Subnets not working

11 Posts 2 Posters 3.4k Views
  • ?
    Guest
    last edited by Jul 5, 2010, 7:00 PM

    I have the configuration below. All clients in LAN get their IPs from a local DHCP and access the internet without problem, but clients on SUB1 and SUB2 cannot. I've set up the default gateway on the Cisco router pointing to pfSense (172.27.110.155), created routes on pfSense to SUB1 and SUB2, and created an alias named "subredes" (including LAN, SUB1 and SUB2), replacing the default LAN rule to use the alias "subredes".
    I can ping from SUB1/SUB2 to pfSense (172.27.110.155), but no traffic goes through pfSense from SUB1 or SUB2 to the internet.

    I'd very much appreciate your help. What could be wrong?

    PFSENSE: VER 2.0-BETA1 built on Wed Mar 31 12:48:43 EDT 2010

       192.168.7.3                        172.27.101.2
        (Client1)                          (Client2)
            |                                  |
            |                                  |
      192.168.7.0/24                    172.27.101.0/24
          (SUB1)                            (SUB2)
            ---------(Cisco Router-DHCP)--------
                             |
                             |
                     172.27.110.0/23----(Client0)
                           (LAN)
                             |
                     (172.27.110.155)
                      (PFSense 2.0)
                           (WAN)
                             |
                             |
                        (Internet)

    • D
      danswartz
      last edited by Jul 5, 2010, 7:31 PM

      Can you be more specific about the routes you added to pfsense.  And I am not sure what LAN rule you are referring to.  It would be helpful to post screenshots of the relevant config sections.

      • ?
        Guest
        last edited by Jul 5, 2010, 8:07 PM

        Many thanks for your prompt answer. I have attached the rule:

        ![Lan Rule.png](/public/imported_attachments/1/Lan Rule.png)

        • D
          danswartz
          last edited by Jul 5, 2010, 9:08 PM

          Ah, I think I know what is going on.  Go to Firewall => NAT => Outbound.  It should default to Automatic Outbound NAT?  If so, there is an invisible rule that NATs anything going out WAN from the LAN subnet, but it won't know to NAT the two extra subnets.  Click on Manual Outbound NAT and you will see a rule appear (if I am correct) showing a rule like "172.27.110.0/23 ** * * *" or somesuch.  Rather than add the two new rules, just change the 172.27.110.0/23 to * (there is normally no good reason not to NAT anything going out WAN).

          1 Reply Last reply Reply Quote 0
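The gap described in the post above (an outbound NAT rule that only names the LAN subnet, leaving routed subnets untranslated) can be checked offline; this is an added example, not part of the original thread or of pfSense. The function names are hypothetical, and the rule-source lists are constructed stand-ins for the source column of the Outbound NAT table, using the networks from the thread's diagram.

```python
import ipaddress

# Networks taken from the thread's diagram.
LAN = "172.27.110.0/23"
SUB1 = "192.168.7.0/24"
SUB2 = "172.27.101.0/24"


def parse_source(source):
    """Return None for an 'any' source ('*'), else an ip_network."""
    text = source.strip()
    if text in ("*", "any"):
        return None
    return ipaddress.ip_network(text, strict=True)


def nat_coverage(rule_sources, internal_nets):
    """Map each internal network to 'covered', 'partial' or 'missing'.

    rule_sources:  source of each outbound NAT rule on WAN (constructed input).
    internal_nets: every network whose traffic is routed out through WAN.
    """
    sources = [parse_source(s) for s in rule_sources]
    result = {}
    for text in internal_nets:
        net = ipaddress.ip_network(text, strict=True)
        same = [s for s in sources if s is not None and s.version == net.version]
        if None in sources or any(net.subnet_of(s) for s in same):
            result[text] = "covered"
        elif any(s.overlaps(net) for s in same):
            result[text] = "partial"   # a rule matches only part of the network
        else:
            result[text] = "missing"   # would leave WAN with its private source
    return result


if __name__ == "__main__":
    nets = [LAN, SUB1, SUB2]
    # Constructed rule sets: LAN-only rule, one rule per subnet, and source '*'.
    for rules in ([LAN], [LAN, SUB1, SUB2], ["*"]):
        print(rules, "->", nat_coverage(rules, nets))
```
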
          • ?
            Guest
            last edited by Jul 5, 2010, 9:34 PM

            I've already done it.

            NAT_OutBound.png

            • D
              danswartz
              last edited by Jul 5, 2010, 11:29 PM

              Are you sure the clients are getting to the pfsense?  e.g. if you do traceroute to external host, what do you see?

              • D
                danswartz
                last edited by Jul 6, 2010, 12:15 AM

                Also, if you don't mind my asking, why the extra complication of the cisco router?

                • D
                  danswartz
                  last edited by Jul 6, 2010, 12:17 AM

                  Another question: are you sure the hosts on SUB1 and SUB2 have default gateways pointing to the respective IPs on the cisco?  If not, it may be possible that the SUB1 and SUB2 hosts can see the pfsense LAN IP due to proxy arp on the cisco…

                  • ?
                    Guest
                    last edited by Jul 6, 2010, 5:41 PM Jul 6, 2010, 5:39 PM

                    danswartz,

                    Many thanks for your help. Answering your questions:

                    1.- I've enabled the Squid proxy in transparent mode and now clients on SUB1 and SUB2 can browse. That works very well for HTTP traffic, but I need more control over other kinds of traffic, like VPN access to remote services. So, answering your questions, the default gateway is OK and all traffic is directed to pfSense; the problem is that all traffic is blocked somewhere.

                    2.- Why the Cisco router? Simply, it's there, and we have a Wi-Fi subnet and a VoIP subnet based on Cisco solutions, and I can't remove it.

                    So I still don't know where the problem is.

                    Thanks for your help
                    Alfredo

                    • D
                      danswartz
                      last edited by Jul 6, 2010, 5:43 PM

                      Okay, but can you do a traceroute to an external host from SUB1 or SUB2 hosts and post that like I asked?

                      • ?
                        Guest
                        last edited by Jul 6, 2010, 8:12 PM

                        As nothing worked as expected, I decided to rebuild the pfSense from the ISO to the latest version, and now it works with the same configuration.

                        Many thanks for your help.

                        Regards
                        Alfredo
