Routing between multiple LANS



  • Currently our setup is as follows.

    pfSense as a perimeter firewall. It has two network cards: one is assigned 192.168.1.1 and the other a public IP.

    We also have a second router with the address 192.168.1.10 (LAN side) which has a frame-relay connection to our Detroit office. Our Detroit office has a network of 192.168.2.x (it is a satellite office).

    I have static routes input in pfSense pointing any traffic for 192.168.2.x to 192.168.1.10 (and on the other side the routes are taken care of statically).

    The problem is this. While I can ping in both directions, users in Detroit cannot access our wiki server (its address is 192.168.1.133, HTTP port).
    Putting a static route into the wiki that says "use 192.168.1.10 for any traffic to and from 192.168.2.x" (thus bypassing pfSense) fixes the problem. I can't do this for every server users need to access on this side though. And to top it off, pfSense seems to cut RDP connections every 15 seconds or so (only connections bound for 192.168.2.x). Otherwise everything works great.

    pfSense only sees 192.168.1 and 192.168.2 traffic on its LAN interface, and really I thought with a static route all it would do is issue an ICMP redirect (next hop 192.168.1.10) for traffic destined for our other LAN, but it is doing some filtering. I am RDP'd into a user's PC on the remote network (had to put static routes into my laptop to do it, otherwise my RDP connection is cut every 20 seconds) and I cannot access an Apache2 web server on the local side here, but I can ping the server itself.

    Any advice, help, insight would be much appreciated. I am primarily a Cisco router user, so I am a bit stumped, as this behavior wouldn't happen with a Cisco device.
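    The asymmetric path described above, as an added model (not code from the thread or from pfSense): packets from Detroit enter the LAN at the frame-relay router and reach the wiki directly, while the wiki's replies go to its default gateway, so pfSense sees only one direction of each TCP connection and its stateful filter drops the out-of-state reply. The Detroit client address 192.168.2.50 and the two state-tracking policies are constructed assumptions.

```python
"""Model of the asymmetric path from the thread: an added example, not the
thread's code nor pf's implementation. Addresses are the thread's; the Detroit
client 192.168.2.50 and the two state policies are constructed."""
from collections import namedtuple

PFSENSE, FR_ROUTER = "192.168.1.1", "192.168.1.10"
WIKI, CLIENT = "192.168.1.133", "192.168.2.50"
DETROIT_PREFIX = "192.168.2."

Packet = namedtuple("Packet", "src dst flags")  # flags: SYN, SYN-ACK or ACK


class StatefulFirewall:
    """strict: only a SYN creates a state, other out-of-state packets are dropped.
    sloppy: any packet may create a state (relaxed tracking for mid-stream traffic)."""

    def __init__(self, mode="strict"):
        self.mode, self.states = mode, set()

    def filter(self, pkt):
        key = frozenset((pkt.src, pkt.dst))  # one state per host pair
        if key in self.states:
            return True
        if pkt.flags == "SYN" or self.mode == "sloppy":
            self.states.add(key)
            return True
        return False  # out-of-state packet: dropped


def wiki_next_hop(dst, host_route=False):
    """The wiki has only its default gateway (pfSense), unless the poster's
    workaround, a host route for 192.168.2.x via the frame-relay router, is set."""
    if host_route and dst.startswith(DETROIT_PREFIX):
        return FR_ROUTER
    return PFSENSE


def handshake(mode="strict", host_route=False):
    """Run a TCP handshake Detroit -> wiki and return the flags delivered.
    Detroit's packets enter the LAN at the frame-relay router and reach the wiki
    directly, so pfSense never sees them; only the wiki's replies may transit
    pfSense. The exchange stops at the first dropped packet."""
    fw, delivered = StatefulFirewall(mode), []
    for pkt in (Packet(CLIENT, WIKI, "SYN"), Packet(WIKI, CLIENT, "SYN-ACK"),
                Packet(CLIENT, WIKI, "ACK")):
        via_pfsense = pkt.src == WIKI and wiki_next_hop(pkt.dst, host_route) == PFSENSE
        if via_pfsense and not fw.filter(pkt):
            break  # pfSense dropped the reply; the client never completes
        delivered.append(pkt.flags)
    return delivered
```

    The strict run stops after the SYN, matching the ping-works-but-HTTP-fails symptom, while either the per-host route or relaxed state tracking for the statically routed networks (pf's `flags any` with `keep state (sloppy)`, which the sloppy mode stands in for) lets the handshake complete.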



  • I think if it's possible on your frame relay router, change its LAN address to match the Detroit LAN 192.168.2.xx and add a third card to the pfSense box with a .2.x address.
    Then create a static route from the new Opt1 card to the LAN with an open-all-ports firewall rule.
    Should work (I'm not as advanced as other users here).

