Multiple Routed Subnets on LAN



  • I'm currently using a Linksys DD-WRT appliance to accomplish routing tasks.  However, I want to replace that machine with a PFSense-based machine.

    On DD-WRT we add additional bridge interfaces with separate IPs, basically creating aliases.  In PFSense, this isn't possible to do (as I have read here).  However, there seems to be confusion on the correct way to create a routed aliased network.

    I need to have 3 subnets on the LAN side that route through.  x.x.x.129 / 25  is our public network, 10.0.1.0/24 and 10.1.2.0/24 are two other networks for management of hardware.
    On the WAN side, 10.0.0.3/24 is the IP/mask and 10.0.0.10 is the Router.  The router is configured properly and routes the LAN side networks through to 10.0.0.3 (it's a Cisco).

    I set the LAN side to my public address / netmask.  I set the two other addresses as Virtual IP 10.0.1.1/24 and 10.1.2.1/24 (Proxy ARP, Network).  I then set static routes for the latter 2 ranges, gateway 10.0.0.10 for both, LAN side.

    I haven't plugged the device into the network yet (It's about an hour away).  Is this the proper way to do this?  The PFSense instructions for Static Routes say to never create routes to places that are accessible via the gateway.  However, if I remove the routes on the DD-WRT unit, the traffic does not move at all.  This leads me to believe either PFSense has a different way of doing this, or perhaps this is one condition where I would need virtual IPs AND Static Routes?

    I did some searching in the forums and the official answer for IP Alias was 'use Virtual IPs'.  However, I didn't have much luck finding a message that matched my particular situation.

    Thanks in advance.



  • Create aliases for each of your new subnets, then add a firewall rule to pass the traffic, and NAT rules also if you want to route these subnets to your WAN IP.



  • @hchady:

    Create aliases for each of your new subnets, then add a firewall rule to pass the traffic, and NAT rules also if you want to route these subnets to your WAN IP.

    I'm afraid I don't understand.

    Aliases in PFSense appear to make word references to hosts, subnets or IP addresses, not a traditional IP Alias.  It says in other posts to use Virtual IPs.

    http://www.mail-archive.com/support@pfsense.com/msg07105.html

    I should not need NAT in order to create real routes.  I have NAT disabled in my DD-WRT unit.

    Thanks.

