Routing Question - Newbie tyep…
-
I have 3 NICs, Wan, Lan & OPT1.
I want to be able to route traffic between LAN and OPT1 and have internet access from both OPT1 and LAN
Lan 10.1.0.0/16
OPT1 10.2.0.0/16
WAN DHCPHave created the firewall rules on both LAN & OPT to allow any from any.
It doesn't work….
From LAN can ping 10.2.0.1 and get a reply, but if I ping 10.2.0.254 nothing (but if on the 10.2.0.0 network can ping OK, so computers are OK and not being blocked by a software firewall)
From OPT can ping 10.1.0.1 and get a reply but if I ping 10.2.0.1 I don't.
I have internet access from LAN but not from OPT1, but both subnets are doing DHCP OKWhat am I doing thats stupid?????
-
Post a screenshot of your FW Rules ( LAN & OPT1 Tabs ) & NAT - Outbound also of yor DHCP server setting for LAN & OPT1
-
Thanks for the reply.
![DHCP Lan.jpg](/public/imported_attachments/1/DHCP Lan.jpg)
![DHCP Lan.jpg_thumb](/public/imported_attachments/1/DHCP Lan.jpg_thumb)
![DHCP OPT1.jpg](/public/imported_attachments/1/DHCP OPT1.jpg)
![DHCP OPT1.jpg_thumb](/public/imported_attachments/1/DHCP OPT1.jpg_thumb) -
-
Setup the DNS & GW in your DHCP server ( LAN & OPT1 )
-
Use manual Outbound NAT, and set NAT for:
LAN to WAN
OPT1 to WAN
OPT1 to LAN
LAN to OPT1
Create FW Rules for Allow or Block Traffic for each interface
-
-
Many, many thanks for the reply!
Can you just explain this pls?
I don't want to do nat between OPT1 and LAN, I simply want to route the packets….
The DHCP stuff was OK by default LAN & OPT1 could both use WAN.
-
You don't have to NAT LAN to OPT as pfSense should route that so long as a rule exists to allow traffic. Are you OPT1 Subnet computers getting an IP address and is the DNS and Gateway the same as the OPT1 interface id? You will also need to create a rule on LAN to allow OPT1 subnet traffic.
-
isn't that what I've done with the rules?
-
Yes, but what have you done on the outbound NAT side?
-
As suggested, manual NAT shouldn't be needed in your case, since pfsense should be routing between LAN and OPT1.
Does the firewall log (Status -> System Logs -> Firewall) show any blocked traffic?
PS: Your DHCP server settings are somewhat odd, since you defined two whole /16 (64K addresses) nets yet only assign IPs from a 100 IP addr block within them, but it shouldn't hurt…
-
Yes, DHCP settings are odd, but DHCP is only on for testing purposes. This setup is going to route traffic between two phone systems whose consoles need to talk to each other.
ahhh… confession time, I've been a knob, but you chaps have pointed me in the right direction & I'm eternally grateful, it seems to be working now.