Need help with subnets

pmiccich

I have on subnet with all my servers on it, and anohter with all the computers in my house on it. how do i get the computers to be able to acess files on the server if there on different subnets??? Ive been getting pointed in every random direction because i keep getting told "You need to set the rules!" and "you need to use RIP!" but that dosint help me when people dont say what i need to f*** do when using them, so pleas someone help me :( ive been working on this for like a week

johnpoz

And how are these "segments" connected to your pfsense?

So Lets say one segment is 192.168.1.0/24 and connected to pfsense on its LAN inteface with an address 192.168.1.1/24..  Now on a different interface in pfsense OPT1 you have 192.168.2.1/24 with servers on this 192.168.2.0/24 segment.

Is this how your connected?  If not - tell us how your network is all connected together and be happy to walk you through how to proceed.  So example of your network?

pmiccich

Here is my networks current layout

johnpoz

So at first I thought those were on the same network with that /23, but .0 and .1 would be 1, and then 2 and .3 would be next..  Do you really have that many devices on each segment, why use /23?

So you should be good.. What is not working?

So which one of those is the LAN interface and which is OPT 1

What are the rules you have on those interfaces?  I would assume you have each segment using the pfsense interface IP as gateway with the same /23 mask.

And we are SURE your not using that AP as nat gateway – its really just being used as AP, cuz if not that could be your issue.

pmiccich

I checked that, and originally i thought that was the source of the problem. But then i rememberd that not too long after setting up the PFsense router, i had set what was normally an ISR into "AP Mode" which makes it function souly as an AP. Here is all the subnets and rules i have. (Btw, i have about 25 devices running on the wifi LAN)

johnpoz

So what is the issue..  Now your LAN, that first rule is pointless, since your 2nd rule is more open.

On your wifilan which I assume is your default lan interface because of the antilockout and wifilan lan as source with desc, etc. Look fine.

So your segments should talk fine with each other.  So I wonder why you have a /23 if you have 25 some devices??  That makes no sense to have such a large mask.

So I assume your pfsense interfaces are

192.168.1.1/23 wifilan
192.168.2.1/23 lan

Where clients on wifilan are
192.168.1.x/23
default gateway 192.168.1.1
dns 192.168.1.1

and clients on your lan are
192.168.2.x/23
default gateway 192.168.2.1
dns 192.168.2.1

So for example I am on my wired network 192.168.1.0/24 and wireless is 192.168.2.0/24 and I have the following

C:\Windows\System32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : i5-w7
  Primary Dns Suffix  . . . . . . . : local.lan
  Node Type . . . . . . . . . . . . : Broadcast
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : local.lan

Ethernet adapter Local:

Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
  Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.253
  DNS Servers . . . . . . . . . . . : 192.168.1.253
  NetBIOS over Tcpip. . . . . . . . : Enabled

And so you can see I can ping a device on my wireless network, my blackberry for example

C:\Windows\System32>ping blackberry

Pinging blackberry.local.lan [192.168.2.229] with 32 bytes of data:
Reply from 192.168.2.229: bytes=32 time=106ms TTL=127
Reply from 192.168.2.229: bytes=32 time=129ms TTL=127
Reply from 192.168.2.229: bytes=32 time=152ms TTL=127

Ping statistics for 192.168.2.229:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 152ms, Average = 129ms

So I don't see anything wrong in you firewall rules – so unless you have local firewalls blocking your access on your servers, or have your wificlients behind a NAT on what you think is an AP?  I don't see anything wrong.. You sure you don't have 192.168.1.0/xx behind your wireless router and 192.168.1.0/xx on your wan of your wifi router?  And you just think its setup as accesspoint?  I would look on a client, and see what it shows for your mac of your pfsense IP with arp command -- if you see your AP mac then that is where your issue is.

Just look via ifconfig on you pfsense

em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:02
        inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255

And then on your client

C:\Windows\System32>arp -a

Interface: 192.168.1.100 –- 0xc
  Internet Address      Physical Address      Type
  192.168.1.7          00-0c-29-dd-02-ba    dynamic
  192.168.1.8          00-0c-29-57-41-d5    dynamic
  192.168.1.31          b8-27-eb-1c-6e-09    dynamic
  192.168.1.40          2c-76-8a-ad-f6-56    dynamic
  192.168.1.50          00-15-99-21-1c-a0    dynamic
  192.168.1.99          00-06-dc-43-ad-78    dynamic
  192.168.1.220        7f-bf-a9-aa-29-5b    dynamic
  192.168.1.252        00-13-10-fe-84-08    dynamic
  192.168.1.253        00-50-56-00-00-02    dynamic
  192.168.1.255        ff-ff-ff-ff-ff-ff    static
  224.0.0.251          01-00-5e-00-00-fb    static
  224.32.32.107        01-00-5e-20-20-6b    static
  239.255.255.250      01-00-5e-7f-ff-fa    static
  255.255.255.255      ff-ff-ff-ff-ff-ff    static</vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast>

echoranger

When you say you're having trouble accessing files on your server LAN, I take it you're referring to filesharing in Windows XP/Vista/7? If that's the case, you need to configure a WINS server option in your DHCP settings on your workstation LAN. Most Windows server discovery services use broadcast messages to determine the IP of a fileserver, which doesn't work across subnets.

Go into the DHCP Server configuration on your LAN and under WINS servers put the IP of your fileserver. This will tell your computer to explicitly contact your fileserver to determine what fileservers are on your network. Save the settings, restart the DHCP server and then release and renew the IP on your workstation. Then you should be able to access your fileserver by NetBIOS name or IP address. You also need to ensure your clients and your fileserver are in the same workgroup.

mikeisfly

Another thing that you need to check is that all your Windows machines have their firewall setup as home or private. If you have the firewall set up as public then that could be a potential source of your problems. You might want to try to disable all firewalls to see if this will help you.

Also just for anyone referencing this post, you don't need a dynamic routing protocol when you want to route across two different networks/subnets when those networks are directly connected to the router that is doing the routing. As long as you have a rule allowing traffic out of those interfaces you are good. So if you have any rip going on disable it

192.168.1.1 /23 is in the middle of your IP scope and is not good form, you could potentially assign that IP out to a host and that would cause your internet issues a well. You should make your WiFi Lan interface 192.168.0.1 that is the first useable IP on the 192.168.0.0/23 supernet.