Multi-LAN problem
-
Hi There
I have a task which now appears to be impossible to do on pfSense.
I will explain my setup quickly:
On Company 1 server room I have the following setup:
pfSense box (192.168.0.1) with 2 WAN connections and 2 LAN connections
WAN1: Internet Connection - ADSL 1
OPT1: Failover Internet Connection - ADSL 2
LAN: Cable to switch to allow users on Company 1 to have internet access. IP 192.168.0.0/24
OPT2: IP address is 172.16.1.1 and gateway is 172.16.1.2
I also have data servers which hold data that company 2 needs access to
Company 2 server room
pfSense box (192.168.2.1) with 1 WAN connection
WAN1: Internet connection - ADSL
LAN: Cable to switch to allow users on company 2 to have internet connection. IP 192.168.2.0/24
OPT1: IP address 172.16.1.2 and gateway is 172.16.1.1
I have a cat6 cable running from OPT2 network card on company 1 to OPT1 network card on company 2
I have set up firewall rules on both pfSense boxes as below:
Company 1:
LAN: Allow any traffic coming from LAN interface with destination of network (192.168.2.0/24) to go through on any port and selected GW to be 172.16.1.2
OPT2: Allow traffic with source network (192.168.2.0/24) from OPT2 interface with destination of LAN subnet and selected GW to be 172.16.1.2
Company 2:
LAN: Allow any traffic coming from LAN interface with destination of network (192.168.0.0/24) to go through on any port and selected GW to be 172.16.1.1
OPT1: Allow traffic from source network (192.168.0.0/24) from OPT2 interface with destination of LAN subnet and selected GW to be 172.16.1.1
Logic:
Allow users from company 1 to access data on company 2, vice-versa.
Problem:
Cannot access servers of company 1 from company 2. When I run tracert to any IP at company 1 from company 2, I see that it uses WAN connection instead of OPT1.
What am I doing wrong?
-
You most probably need a static route for the subnet reachable via the OPT interface pointing to the gateway.
-
Hi GruensFroeschli
I just tried doing a static route but it still doesn't work…
I am out of ideas here....
-
You probably need a route on both sides.
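
The suggestion in the last reply, as an added example that is not part of the thread: a longest-prefix-match lookup over both firewalls' routing tables, showing which interface the request and the reply leave by when a static route exists on neither, one, or both sides. The /24 mask on the 172.16.1.x link, the default-gateway names and the two host addresses are assumptions; the other addresses come from the first post.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (interface, gateway) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    # The default route always matches, so matches is never empty.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def base_tables():
    """Connected networks and default routes only, no static routes."""
    fw1 = {"0.0.0.0/0": ("WAN1", "isp-gw-1"),      # placeholder gateway
           "192.168.0.0/24": ("LAN", None),
           "172.16.1.0/24": ("OPT2", None)}         # mask is assumed
    fw2 = {"0.0.0.0/0": ("WAN1", "isp-gw-2"),      # placeholder gateway
           "192.168.2.0/24": ("LAN", None),
           "172.16.1.0/24": ("OPT1", None)}         # mask is assumed
    return fw1, fw2

def add_static_routes(fw1, fw2, side1=True, side2=True):
    """Add the remote LAN via the cross-connect on the chosen sides."""
    if side1:
        fw1["192.168.2.0/24"] = ("OPT2", "172.16.1.2")
    if side2:
        fw2["192.168.0.0/24"] = ("OPT1", "172.16.1.1")

def round_trip(fw1, fw2, host1, host2):
    """Egress interface of the request (company 2 -> 1) and of the reply."""
    out = lookup(fw2, host1)[0]    # request leaves the company 2 firewall
    back = lookup(fw1, host2)[0]   # reply leaves the company 1 firewall
    return out, back

if __name__ == "__main__":
    # Constructed host addresses inside each LAN.
    h1, h2 = "192.168.0.10", "192.168.2.10"
    for label, s1, s2 in [("no static routes", False, False),
                          ("route on company 2 only", False, True),
                          ("routes on both sides", True, True)]:
        fw1, fw2 = base_tables()
        add_static_routes(fw1, fw2, side1=s1, side2=s2)
        print(f"{label}: request/reply egress = {round_trip(fw1, fw2, h1, h2)}")
```

With a route on one side only, the request crosses the cable but the reply still follows the other firewall's default route out of its WAN.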