4. Trying to have two subnets

Trying to have two subnets

  • I

    Hello everybody, I am very new to using pfsense other than a basic config of 1 wan and 1 lan. All of that is working great and I have many different services being nat'd to different boxes with no issue. I am trying to figure out how to get the lan interface to be the gateway for more than one subnet. Right now the pfsense box is using a lan ip of 192.168.2.1 and all of my boxes are on the 192.168.2.x network. I want to have the pfsense box route traffic for the 192.168.1.x network as well. I would like to have a separate subnet for obvious reasons.

    Am I able to configure that with the setup that I have? If so, how do I do that? Some kind of a step by step guide would be very helpful.

    Thank you in advance

    0

  • You can apply an ip alias (firewall -> virtual ip) to lan interface.

    I would like to have a separate subnet for obvious reasons

    If this obvious reason is security, then I suggest you to segment your network and assign a new interface(using vlan or phisical network card) on pfsense.

    0
  • I

    Thank you for the reply. I have made a vlan but I am having trouble setting the rest up. I really cant grasp what I am doing wrong. For the sake of it, here is a pic what I have right now.

    I want to be able to connect to the ESXi, which is on a different subnet, from one of my other computers.

    0
  • I

    I got it! I need to create a GW, vlan, and interface. Then I had to put them together and enable it! All set and working great. Thanks

    0
  • I

    I spoke too soon… I have an interface with a static ip of 192.168.1 with a gateway assigned that is of the same ip. I have a vlan assigned to the interface as well...

    I can get there just fine if I assign a second ip to one of my boxes... but I am unable to reach the other machines without a second ip...

    Any thoughts?

    0

  • If you change your lan to 192.168.5, you also need to change network ip configuration on all machines at the same network/vlan.

    0
  • I

    I dont have anything set to 192.168.5.x…

    I have one subnet at 192.168.2.x and one at 192.168.1.x

    My virtual machine is using 192.168.1.101. My box that Im connecting with is at 192.168.2.36. If my box uses 192.168.1.36 as well as 192.168.2.36, it works fine. IM trying to figure out a way, without a second router, to use just the 192.168.2.36 ip and still reach the 192.168.1.101

    0

  • inzel,

    Sorry, I swapped info with another post.

    what vlan ids did you applied to pfsense interface?

    You should get something like this to have both vlans working and wan as well

    LAN (lan)        -> bce0_vlan10 -> 192.168.2.1
    WAN (wan)        -> bce1_vlan20 -> x.x.x.x
    opt1 (opt1)        -> bce1_vlan30 -> 192.168.1.1

    0
  • I

    I created two new interfaces that are tagged to a vlan

    WAN         rl0 (mac)
    LAN         bge0 (mac)  –-> 192.168.2.1
    External_LTM bge0 vlan421 --> 192.168.1.1
    Internal_LTM bge0 vlan420

    Im not worried about the internal interface at the moment... that is going to be behind a load balancer. I just need to hit the External_LTM

    0

  • The lan interface attached to bge0 must be tagged to.

    The default switch vlan on most switches has id=1

    configure it to
    WAN              rl0 (mac)
    LAN              bge0_vlan1 (mac)  –-> 192.168.2.1
    External_LTM    bge0_vlan421 --> 192.168.1.1
    Internal_LTM    bge0_vlan420

    and see if it works

    0
  • I

    HHmmm… how do I do that? As soon as I tag it, I lose my lan connections. Is there something special to do inside pfsense?

    0

  • Do it from pfsense console but you may have to setup all(3) vlans again.

    0
  • I

    Ok…. I want to clarify what I mean when I say I lose lan connections... I mean that I am unable to rdp into a box from outside when I do that... Ill try it from the console and recreate the vlans. Should I create the LAN vlan first?

    0
  • I

    I am unable to connect via console… since I dont have a serial port or a serial cable. I deleted the vlans and recreated them, starting with vlan 1 and assigning it to the LAN interface. No luck. I ended up creating all of them again and Im back to where I was before

    0

  • From outside, you will need to Allow access from external ip to pfsense gui at wan address to configure lan interface.

    But if have access to vlan1 untagged, you will need first to edit switch port pfsense lan is conected to and tag default vlan or set it as trunk.
    Also check the id number for default vlan.

    Do it carefully to do not loose access.

    In short:
    Access gui from wan
    Edit switch config to tag all vlans you need
    assign lan to It's vlan id.

    0
  • I

    Thank you for taking the time to help me out with this. It seems that I need to do some reading because I dont know where to change the switch config in the gui. I do have access to the gui from wan tho. I will look in to that further and try to educate myself more before I ask any further questions.

    Thank you again for everything so far

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy