Netgate Discussion Forum

    Route between 2 interfaces

      globexgr

      Hi,

      i have 2 interfaces Lan (192.168.88.0/24) and Opt1 (192.168.77.0/24). I would like to access a computer on opt1 (let's say 192.168.77.10 on port 80) from a computer from lan (e.g. 192.168.88.100). From the search i've done on the net i am given to understand that i will need to use another gateway or sth but i just can't get it to work. Can anyone tell me the specific rules and steps i will need to follow to make this work?

      tx in advance

      EDIT: LAN IP = 192.168.88.1
             OPT1 IP = 192.168.77.1

        heper

        is pfsense the default gateway for your clients ?

        if yes: just add firewall rules to PASS FROM lan to opt1 and the other way around.

        if no: you gonna have to do the same but also add routes on every client.

          globexgr

          Tx for the fast reply.

          My default gateway (copied from pfsense) is this: WAN (default) WAN 192.168.16.1 192.168.16.1 Interface WAN Dynamic Gateway

          So i guess i fall to the second category. Right?
          I have two questions.
          A. why do i have to add PASS rule from opt1 to lan.
          B. How exactly do i set up those routes. Do you mean that i have to perform configurations on the source and target device? Isn't that doable through pfsense only. I need more detail in that one.

            heper

            how is your network layout ??

            internet – Pfsense __ LAN---PC1 , PC 3
                                        | __OPT1-- PC2, PC4

            if it is like that, then pfsense IS your default gateway ... then you only need to add the firewall rules.

            @globexgr:

            A. why do i have to add PASS rule from opt1 to lan.

            if you wish to be able to connect from OPT1 to LAN then you need one, if not, then you don't

              globexgr

              Yes this is my network layout more or less. I have done what you said and tested it with netcat. I do find the specified port open on the host of OPT1 from LAN but then the connection is reset. Sniffing with wireshark i see that i manage to perform a full 3-way handshake but then the pc on OPT1 sends a RST packet. I am not sure whether i will be able to connect to an application running on that machine yet.

              My exact set up is this.

              internet – Pfsense __ LAN---PC1 , PC 3
                                         | __OPT1--Bridge--- PC2, PC4

              The bridge is nothing but a router running in bridge mode so i can connect multiple computers to the OPT1 interface. So my initial purpose was to connect to the bridge's web interface which i thought would be possible if i could access the OPT1 subnet but i cannot. So am I missing sth here? My assumption is that you can access the bridge's interface through OPT1 only. Is that correct?

              EDIT: Yes i can connect to a remote folder in the OPT1 from LAN. So that means it will work. But my second question remains. Why can't i access the bridge's web interface?

                podilarius

                It might not have a gateway set and if it does, it might not be pfsense on that interface.

                  globexgr

                  Indeed you are right. The gateway IP of the bridge is the IP of the Bridge (192.168.77.10). But when i add a route to 192.168.77.1 i lose access to the bridge. I am really confused about how this works. I attach a screen of the routing table in the bridge.

                    podilarius

                    What kind of device is that?
                    If it is in bridge mode, then it should be able to pass traffic even to itself. It is very unusual that a device would use itself for a gateway as it seems like an infinite loop. Usually you are going to use a device one step up (i.e. the pfsense router/firewall).

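An added example, not posted by anyone in the thread: a simplified Python model of the next-hop choice behind the gateway point above, showing why a device whose default gateway is its own address can answer OPT1 hosts but has no return path to the LAN subnet. The `Host` class, `reply_path_ok`, and the 192.168.77.20 and 192.168.77.30 addresses are assumptions made for illustration; the other addresses are the ones reported in the thread.

```python
import ipaddress


class Host:
    """Simplified model of an IP host's next-hop choice (added illustration)."""

    def __init__(self, name, iface, gateway=None):
        self.name = name
        self.iface = ipaddress.ip_interface(iface)
        self.gateway = ipaddress.ip_address(gateway) if gateway else None

    def next_hop(self, dst):
        """Return (next_hop, reason); next_hop is None if the packet cannot leave the subnet."""
        dst = ipaddress.ip_address(dst)
        if dst in self.iface.network:
            return dst, "on-link, delivered directly"
        if self.gateway is None:
            return None, "no default gateway configured"
        if self.gateway == self.iface.ip:
            return None, "default gateway is the host's own address"
        if self.gateway not in self.iface.network:
            return None, "default gateway is not on the connected subnet"
        return self.gateway, "sent to default gateway"


def reply_path_ok(server, client_ip, router_ip):
    """True if the server's reply reaches client_ip directly or via router_ip."""
    hop, reason = server.next_hop(client_ip)
    ok = hop in (ipaddress.ip_address(client_ip), ipaddress.ip_address(router_ip))
    return ok, reason


PFSENSE_OPT1 = "192.168.77.1"   # OPT1 address given in the thread
LAN_CLIENT = "192.168.88.100"   # LAN client given in the thread
OPT1_CLIENT = "192.168.77.20"   # constructed address for a PC on OPT1

# Bridge settings as reported in the thread: its gateway is its own IP.
bridge = Host("bridge", "192.168.77.10/24", gateway="192.168.77.10")
# Constructed OPT1 PC that uses pfSense as its default gateway.
pc2 = Host("PC2", "192.168.77.30/24", gateway=PFSENSE_OPT1)

if __name__ == "__main__":
    cases = [(pc2, LAN_CLIENT), (bridge, OPT1_CLIENT), (bridge, LAN_CLIENT)]
    for server, client in cases:
        ok, reason = reply_path_ok(server, client, PFSENSE_OPT1)
        status = "ok" if ok else "no return path"
        print(f"{server.name} -> {client}: {status} ({reason})")
```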
                      globexgr

                      It is a wlan router (see http://www.baudtec.com.tw/p_wlan%20adsl2+%20router_tw263r4.htm for more details). The only configuration i have done is to set it in bridge mode. The OPT1 subnet has access to both the bridge and the pfsense.
                      But as i said i can't access it from the LAN subnet even though i can see a service on the OPT1 subnet. Is it possible that by default this device does not allow traffic coming from the outside??? After all it was meant to be used as a home adsl2 router (it was provided to me by my ISP) so you wouldn't want anyone to access it from outside. Just saying. It is confusing though. Let me know if you need more screens, info or anything else.

                      P.S. Is it possible to VPN to the OPT1 and access it "from inside". Would this work as a workaround or am i misinterpreting the concept of VPN?

                        podilarius

                        It would still need to be routed. So, your theory is probably correct in that your wlan router is set up in such a way as to block access. It is hard to tell if that is because it is blocking private IPs or any access. If you have access to the configuration, it should be easy to check or change that behavior.

                          gderf

                          @globexgr:

                          My exact set up is this.

                          internet – Pfsense __ LAN---PC1 , PC 3
                                                     | __OPT1--Bridge--- PC2, PC4

                          The bridge is nothing but a router running in bridge mode so i can connect multiple computers to the OPT1 interface.

                          Wouldn't a hub or switch be a better choice instead of that "bridge" or is it also being used as an access point?

                            podilarius

                            according to his posts, it is an access point (wlan). but I could be wrong.

                              gderf

                              @podilarius:

                              according to his posts, it is an access point (wlan). but I could be wrong.

                              According to his posts it's an ADSL router. I use mine here as an access point by disabling its WAN port and plugging one of the LAN ports into my LAN's switch.

                              I don't see anything in his posts saying he is actually using it as an access point. The way I read it, he's using it as a hub. If that's true, why does he need to see the ADSL router's web pages?

                                podilarius

                                No idea. I do exactly the same thing. I don't use the WAN port at all.
                                Even if he was using it as a switch, the WAN on that should not be used, just one of the LAN ports would work.

                                  globexgr

                                  @gderf:

                                  Wouldn't a hub or switch be a better choice instead of that "bridge" or is it also being used as an access point?

                                  Yes it would be…but i had a spare router so i used that instead of buying a switch. It is not used as a wireless access point though as i have disabled the wifi.

                                  @gderf:

                                  The way I read it, he's using it as a hub. If that's true, why does he need to see the ADSL router's web pages?

                                  Correct me if I am wrong but i think i am trying to use it as a switch. The reason i need to access its web page is because i want to manage all my network devices from the lan subnet.

                                  @podilarius:

                                  Even if he was using it as a switch, the WAN on that should not be used, just one of the LAN ports would work.

                                  There is no distinction between WAN and LAN ports as far as i can tell. Maybe because it's an ADSL router and it's meant to be used to connect you to the internet and not a different subnet. Just saying.

                                  @globexgr:

                                  Is it possible to VPN to the OPT1 and access it "from inside". Would this work as a workaround or am i misinterpreting the concept of VPN?

                                  Nobody really answered that question.

                                  P.S. Tx for the feedback. Even if we don't make it work i appreciate the responses.

                                    podilarius

                                    As a test, plug it up the pfsense interface into the "LAN" switch port on that device and see if all works like expected. Setting up a VPN probably won't work, but you can give it a try.

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      dguy
                                      last edited by

                                      i may be wrong but you should be able to just use your LAN port without bridging.

                                      i have two wireless routers configured in my network. i simply don't plug in the WAN port and just use the LAN ports essentially as a switch. in your case turn off bridging, plug ethernet into LAN (i.e. Port 1) with IP 192.168.77.10; have that connect to your pfsense box (IP 192.167.77.1) and see if that works.

                                      i checked the documentation of your router and it looks no different than your typical routers except for the ADSL port acting as the WAN.

                                      i agree that the VPN scenario probably won't work, or is too complex a solution for what you want to accomplish.

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.