Second firewall taking down network



  • I'm hoping someone could offer some insight into this issue I'm having…

    I have a dual-WAN, single-LAN, version 1.2 firewall in production, and am working on setting up a second box to test version 2.0.  The current LAN subnet is 192.168.1.0/24.  I installed v2 onto another box, set the same WAN addresses (nothing plugged into them yet), but set the LAN subnet as 192.168.100.0/24.

    I figured that I could plug the LAN interface into our existing switch and there wouldn't be any issue since it's on a completely different subnet.  To access it, I'd simply set my local PC's network settings accordingly.  However, as soon as it's plugged into the switch, all inbound/outbound traffic on the network stops.  If I unplug it and clear the ARP cache on the main firewall, everything starts working again.

    So... different subnets, no MAC addresses have been spoofed, and DHCP is not running on either of the firewalls.  Any ideas what's causing this?  Thanks!



  • Hello,

    A guess would be: if you look at Diagnostics > Routes on machine one, take a screenshot (or several) to have a reference, then power up your second pfSense box and do the same. Save a couple of screenshots of each machine and compare the 'before and after' of connecting the second pfSense machine; this would more than likely tell you which routes have changed.
    As you stated, it 'appears' as if this should work, but obviously the kernel or something is trying to make a route, possibly?
    You may need to make a static route from 192.168.100.0/24 to 192.168.1.1 on box two's LAN interface, not sure?
    Can you plug a PC directly into the LAN port of pfSense box two and ping 192.168.100.1 (or whatever IP you gave the LAN) to be sure?

    BC
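The before/after comparison suggested above can be scripted instead of done from screenshots. The following is an added example, not code from the thread or from pfSense: it takes two saved snapshots of `arp -an` (or of `netstat -rn`, which is what Diagnostics > Routes shows) from the production box and prints only the entries whose MAC or gateway changed or that appeared after the second box was plugged in, ignoring noise such as ARP expiry timers. The interface names, addresses and MACs in the sample snapshots are constructed for the demo and do not describe the poster's network; the script reports what differs, it does not explain why.

```shell
#!/bin/sh
# Added example (not from the thread): diff two snapshots of a FreeBSD/pfSense
# table ("arp -an" or "netstat -rn") taken before and after the second box is
# plugged in, and print the entries whose value changed or that are new.
# All sample data below is constructed; interfaces, IPs and MACs are assumptions.

# table_changes KEYCOL VALCOL BEFORE AFTER
#   KEYCOL/VALCOL are 1-based awk field numbers. Parentheses are stripped from
#   the key, so "(192.168.1.10)" from arp -an becomes "192.168.1.10".
#   Output, one line per difference:  key  old_value  new_value
#   ("-" as old_value means the key was not present in the BEFORE snapshot).
table_changes() {
    awk -v k="$1" -v v="$2" '
        function key(s) { gsub(/[()]/, "", s); return s }
        FNR == NR { before[key($k)] = $v; next }   # first file: remember values
        {
            id = key($k)
            if (!(id in before))        print id, "-", $v
            else if (before[id] != $v)  print id, before[id], $v
        }
    ' "$3" "$4"
}

# arp_changes BEFORE AFTER   -- "arp -an" output: IP is field 2, MAC is field 4
arp_changes()   { table_changes 2 4 "$1" "$2"; }
# route_changes BEFORE AFTER -- "netstat -rn" output: destination field 1, gateway field 2
route_changes() { table_changes 1 2 "$1" "$2"; }

# demo: run both comparisons on constructed snapshots and print the differences.
# Expected: 192.168.1.10 is NOT reported (only its expiry timer changed),
# 192.168.1.20 changed MAC, 192.168.1.30 is new, and one new route appeared.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/arp.before" <<'EOF'
? (192.168.1.10) at 00:50:56:01:02:03 on em1 expires in 1180 seconds [ethernet]
? (192.168.1.20) at 00:50:56:04:05:06 on em1 expires in 900 seconds [ethernet]
EOF
    cat > "$tmp/arp.after" <<'EOF'
? (192.168.1.10) at 00:50:56:01:02:03 on em1 expires in 1170 seconds [ethernet]
? (192.168.1.20) at 00:0c:29:aa:bb:cc on em1 expires in 1199 seconds [ethernet]
? (192.168.1.30) at 00:0c:29:dd:ee:ff on em1 expires in 1199 seconds [ethernet]
EOF
    cat > "$tmp/route.before" <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#2             U           em1
EOF
    cat > "$tmp/route.after" <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
127.0.0.1          link#3             UH          lo0
192.168.1.0/24     link#2             U           em1
192.168.100.0/24   192.168.1.254      UGS         em1
EOF
    echo "ARP changes:";   arp_changes   "$tmp/arp.before"   "$tmp/arp.after"
    echo "Route changes:"; route_changes "$tmp/route.before" "$tmp/route.after"
    rm -rf "$tmp"
}

demo
```

On the real boxes, save `arp -an > arp.before` and `netstat -rn > route.before` on the production firewall before plugging in the second box, repeat with `.after` names once the outage starts, and run `arp_changes arp.before arp.after` and `route_changes route.before route.after`. An IP on the production LAN whose MAC flips to the second box's MAC, or a route that was not there before, is the kind of change this reply is asking the poster to look for.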



  • @nbben:

    To access it, I'd simply set my local PCs network settings accordingly.

    Details please.

    @nbben:

    However, as soon as it's plugged into the switch, all inbound/outbound traffic on the network stops.

    Please elaborate: All traffic from all PCs you modified but not traffic from PCs you didn't modify? All traffic from existing connections? Pings by hostname? Pings by IP address? Traffic originating in the pfSense box connected to the Internet? Was the pfSense box connected to the Internet still running normally? Did it report anything significant on the console or in any of the logs? etc.


Locked