Need help with subnets
-
I have on subnet with all my servers on it, and anohter with all the computers in my house on it. how do i get the computers to be able to acess files on the server if there on different subnets??? Ive been getting pointed in every random direction because i keep getting told "You need to set the rules!" and "you need to use RIP!" but that dosint help me when people dont say what i need to f*** do when using them, so pleas someone help me :( ive been working on this for like a week
-
And how are these "segments" connected to your pfsense?
So Lets say one segment is 192.168.1.0/24 and connected to pfsense on its LAN inteface with an address 192.168.1.1/24.. Now on a different interface in pfsense OPT1 you have 192.168.2.1/24 with servers on this 192.168.2.0/24 segment.
Is this how your connected? If not - tell us how your network is all connected together and be happy to walk you through how to proceed. So example of your network?
-
Here is my networks current layout
-
So at first I thought those were on the same network with that /23, but .0 and .1 would be 1, and then 2 and .3 would be next.. Do you really have that many devices on each segment, why use /23?
So you should be good.. What is not working?
So which one of those is the LAN interface and which is OPT 1
What are the rules you have on those interfaces? I would assume you have each segment using the pfsense interface IP as gateway with the same /23 mask.
And we are SURE your not using that AP as nat gateway – its really just being used as AP, cuz if not that could be your issue.
-
I checked that, and originally i thought that was the source of the problem. But then i rememberd that not too long after setting up the PFsense router, i had set what was normally an ISR into "AP Mode" which makes it function souly as an AP. Here is all the subnets and rules i have. (Btw, i have about 25 devices running on the wifi LAN)
-
So what is the issue.. Now your LAN, that first rule is pointless, since your 2nd rule is more open.
On your wifilan which I assume is your default lan interface because of the antilockout and wifilan lan as source with desc, etc. Look fine.
So your segments should talk fine with each other. So I wonder why you have a /23 if you have 25 some devices?? That makes no sense to have such a large mask.
So I assume your pfsense interfaces are
192.168.1.1/23 wifilan
192.168.2.1/23 lanWhere clients on wifilan are
192.168.1.x/23
default gateway 192.168.1.1
dns 192.168.1.1and clients on your lan are
192.168.2.x/23
default gateway 192.168.2.1
dns 192.168.2.1So for example I am on my wired network 192.168.1.0/24 and wireless is 192.168.2.0/24 and I have the following
C:\Windows\System32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : i5-w7
Primary Dns Suffix . . . . . . . : local.lan
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : local.lanEthernet adapter Local:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.253
DNS Servers . . . . . . . . . . . : 192.168.1.253
NetBIOS over Tcpip. . . . . . . . : EnabledAnd so you can see I can ping a device on my wireless network, my blackberry for example
C:\Windows\System32>ping blackberry
Pinging blackberry.local.lan [192.168.2.229] with 32 bytes of data:
Reply from 192.168.2.229: bytes=32 time=106ms TTL=127
Reply from 192.168.2.229: bytes=32 time=129ms TTL=127
Reply from 192.168.2.229: bytes=32 time=152ms TTL=127Ping statistics for 192.168.2.229:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 106ms, Maximum = 152ms, Average = 129msSo I don't see anything wrong in you firewall rules – so unless you have local firewalls blocking your access on your servers, or have your wificlients behind a NAT on what you think is an AP? I don't see anything wrong.. You sure you don't have 192.168.1.0/xx behind your wireless router and 192.168.1.0/xx on your wan of your wifi router? And you just think its setup as accesspoint? I would look on a client, and see what it shows for your mac of your pfsense IP with arp command -- if you see your AP mac then that is where your issue is.
Just look via ifconfig on you pfsense
em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=98 <vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:00:00:02
inet 192.168.1.253 netmask 0xffffff00 broadcast 192.168.1.255And then on your client
C:\Windows\System32>arp -a
Interface: 192.168.1.100 –- 0xc
Internet Address Physical Address Type
192.168.1.7 00-0c-29-dd-02-ba dynamic
192.168.1.8 00-0c-29-57-41-d5 dynamic
192.168.1.31 b8-27-eb-1c-6e-09 dynamic
192.168.1.40 2c-76-8a-ad-f6-56 dynamic
192.168.1.50 00-15-99-21-1c-a0 dynamic
192.168.1.99 00-06-dc-43-ad-78 dynamic
192.168.1.220 7f-bf-a9-aa-29-5b dynamic
192.168.1.252 00-13-10-fe-84-08 dynamic
192.168.1.253 00-50-56-00-00-02 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.251 01-00-5e-00-00-fb static
224.32.32.107 01-00-5e-20-20-6b static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static</vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast> -
When you say you're having trouble accessing files on your server LAN, I take it you're referring to filesharing in Windows XP/Vista/7? If that's the case, you need to configure a WINS server option in your DHCP settings on your workstation LAN. Most Windows server discovery services use broadcast messages to determine the IP of a fileserver, which doesn't work across subnets.
Go into the DHCP Server configuration on your LAN and under WINS servers put the IP of your fileserver. This will tell your computer to explicitly contact your fileserver to determine what fileservers are on your network. Save the settings, restart the DHCP server and then release and renew the IP on your workstation. Then you should be able to access your fileserver by NetBIOS name or IP address. You also need to ensure your clients and your fileserver are in the same workgroup.
-
Another thing that you need to check is that all your Windows machines have their firewall setup as home or private. If you have the firewall set up as public then that could be a potential source of your problems. You might want to try to disable all firewalls to see if this will help you.
Also just for anyone referencing this post, you don't need a dynamic routing protocol when you want to route across two different networks/subnets when those networks are directly connected to the router that is doing the routing. As long as you have a rule allowing traffic out of those interfaces you are good. So if you have any rip going on disable it
192.168.1.1 /23 is in the middle of your IP scope and is not good form, you could potentially assign that IP out to a host and that would cause your internet issues a well. You should make your WiFi Lan interface 192.168.0.1 that is the first useable IP on the 192.168.0.0/23 supernet.