Advanced routing



  • Hi,

    i am using PFsense in vm behind a ISP provided router
    current configs are pretty simple

    physical lan is 10.170.85.x and pfsense lan 192.168.10.1 , 1732 for pptp has been forwarded to pfsense for remote login,
    the VMs seem to working fine,

    however now i need to connect the same vms to another Physical Lan which 10.170.2.x

    so since i am using a whole group of VMs i simply added another NIC to the host and bridged the VMs to connect to the second network as well.

    as we all know only 1 gateway can work at a time so i removed one of the gateway, thing startd to get weird. some times the VMs would freeze up or the network traffic woould confuse the vms.

    so i got this idea where instead of asking the VMs to connect to two diffrent networks, i would like to do a advanced routing in pfsense and make it take the traffic from LAN 10.170.85.x add someone 192.168.10.x traffic to it and forward to 10.170.2.x

    meaning vms wont have to have 2 diffrent NICs to connect to and pfsense would handle the dirty work.

    is this possible? and what should i look into firewall rules? how many NICs do i need to connect to the pfsense

    P.s. 10.170.85.x and 10.170.2.x are both physical networks 192.168.10.x is the host only vmware adapter being used by all the vms to communicate with pfsense and each other.

    appreciate all the help!

    cheers



  • Sorry for clogging the thread… Just wanted to add a little more stuff

    Basically the 10.170.85.x lan purpose is to allow access to the vm from outside ..so i can rdp to it

    The real purpose of the vm is to get the person accessing from outside and let him her access 10.170.2.x

    The problem with dropped connection starts when the vm gets confused between the 2 network to avoid that i would ideally like the vm to be on a single subnet and access the mentioned lan.

    Thanks



  • Well, to me if the real purpose is to use the 2.x network, then I would drop the 85.x network. Setup the WAN ip you use in pfSense to also allow a VPN, so that you can connect a VPN and RDP to any host.
    Then setup NAT or routing/firewall to pin hole the traffic you want to pass. You could keep the second as a failover, but that would be only for outbound traffic.
    It might be possible to do what you want with just the 2 networks.



  • @podilarius:

    Well, to me if the real purpose is to use the 2.x network, then I would drop the 85.x network. Setup the WAN ip you use in pfSense to also allow a VPN, so that you can connect a VPN and RDP to any host.
    Then setup NAT or routing/firewall to pin hole the traffic you want to pass. You could keep the second as a failover, but that would be only for outbound traffic.
    It might be possible to do what you want with just the 2 networks.

    thanks for your reply, after a bit of work i tried your suggestion but it started getitng messy, and totally lost where i was and what i was trying to do..

    instead now i wanna just keep it simple i.e. :

    1 pfsense 2.0 vm with 2 NIC (1 getting DHCP ip from a network with internet access 10.170.85.x ) and (another on a network {private} that requires static IP 10.170.2.x)

    i think it would be easier for me to config it so that pfsense appliance accepts pptp and ipsec connections from Internet wan (10.170.85.x) and then forwards the connection to the private Lan's wan (10.170.2.x)

    kindly please guide me in this, and many thanks for your initial idea.

    regards


Log in to reply