Cannot connect with multi LAN Routing

jsgrossk

I have two subnets 192.168.0.0 / 24 and 10.0.0.0 /8. 192 is this bulding and the 10 is in a seperate building. The buldings are connected via fiber optic so there is not need for VPN. I have a watchguard router on the 10 network and am switching from a watchguard router to Pfsense in this building. The routing works with the two watchguard routers. I can ping the 10 network from the 192 network. But I have not been successful using the pfsense box. The 10 network watchguard firewall has an external address of 192.168.0.40 and the internal is 10.0.0.0 / 8. I created a gateway to 10.0.0.0/8 interface LAN and 192.168.0.40 as gateway. Then I added a static route to network 10.0.0.0/8 using Gateway that I just created on the interface LAN. No luck. I tried setting manual NAT and nothing. Tried adding firewall rules and nothing. The PFsense lan address is 192.168.0.6. If my computer has that address for the gateway, nothing works. If I manually change my computer gateway to 192.168.0.40 it works. So that tells me the watchguard on the other end is working but the PFsense is not telling my computer to go to 192.168.0.40 when I ping the 10 network. Hope this makes sense. Thanks

marcelloc

what rules did you applied on pfsense?

How many interfaces you configured WAN, LAN, OPT?

jsgrossk

I have three Interfaces configured LAN, WAN, OPT. I do not have OPT connected yet but I plan to use that for a backup internet service and do grouping with the WAN. The only rules I have setup on the lan are the default LAN Net to everything rule.

marcelloc

how your setup looks like this?

watchguard is connected to both networks, so how pfsense could route back?

also check firewall -> nat -> outbound
change to manual and remove all rules from there.

192.168.0.0/24 –-- pfsense------???-- 
                      |                            |
                      |                            |
192.168.0.40-------watchguard-------- 10.0.0.0/8(very big netmask)

jsgrossk

1 Watchguard is connected to both networks. I am removing one of them. I have this. Maybe I am mis understanding routing but I have:

Computer
IP 192.168.0.188
SN 255.255.255.0
GW 192.168.0.6

PFSense
Lan: 192.168.0.6
WAN: 72.X.X.X
OPT: Not connected

PFSense GW
10.0.0.0 /8 GW: 192.168.0.40

So I thought…
192.168.0.6 / 24 <---> 192.168.0.40 (The gateway to get to the 10)

Watchguard
192.168.0.40 <---> 10.0.0.0 /8 (I know it's big and I will change once I get it working)

I can ping 192.168.0.40 from the PFsense box but not 10.0.0.1 (1st address). I can also ping 192.168.0.40 from computer but not 10.

I do have a ton of rules when I changed to manual...I'll remove them all and see what happens.

Thanks for your help so far. I'm sure it's something stupid I am doing

marcelloc

Go on system-> advanced -> firewall/NAT and check

Bypass firewall rules for traffic on the same interface

jsgrossk

OK, I'll have to try it tomorrow morning. I currently have the PFsense firewall off and th eold watchguard on so we can do business throughout the day. Tomorrow morning I will change and test before start of business day and get back to you. Thanks again for your help

marcelloc

ok.

You could use this setup also:

WAN
                                |
                                |
192.168.0.0/24–-----pfsense-------- 10.0.0.0/8(very big netmask)

jsgrossk

Checking the box "bypass fireall rules for traffic on same interface did it". Thanks again for your help.