Why This Config working!!

djnemo · Oct 23, 2013, 11:45 AM

Hi,

I have a pfSense 2.1-RC in vmware. I have one physical NIC on my computer and two virtual in vmware for pfsense both in bridge mode.

NOTE: My physical NIC is connected to managed switch.

Now i have Configured my
WAN:
172.16.5.1/16
WAN_GW:172.16.0.1/16

LAN:
172.16.6.1/16
NO Gateway
NO DHCP

and im using all default Routing rules.
Now when im using 172.16.6.1 as default gateway in all 255.255.0.0 subnet all their traffic passing from my pfSense in VM and pfSense passing them to WAN Gateway.

as far as i know i cannot have WAN and LAN on same subset,

Can anyone tell me WHY THIS CONFIGURATION IS working ?

johnpoz · Oct 23, 2013, 12:03 PM

"two virtual in vmware for pfsense both in bridge mode."

So your actually just bridged to your physical nic sounds like to me - how do you know traffic is routing to pfsense at all? and not just going from your bridge out your physical nic?

What vmware software are you using player, workstation, esxi ?? What version? and lets see its networking setup. Also I never understand this..

So your post is today, 10/23/2013 –- why are you using "I have a pfSense 2.1-RC" Final has been out for quite some time.

djnemo · Oct 24, 2013, 9:03 AM

@johnpoz:

"two virtual in vmware for pfsense both in bridge mode."

So your actually just bridged to your physical nic sounds like to me - how do you know traffic is routing to pfsense at all? and not just going from your bridge out your physical nic?

What vmware software are you using player, workstation, esxi ?? What version? and lets see its networking setup. Also I never understand this..

So your post is today, 10/23/2013 –- why are you using "I have a pfSense 2.1-RC" Final has been out for quite some time.

Look My WAN and LAN interfaces are in pfSense and then i change all other client computers default gateway to pfSense LAN port and i can see that their traffics are passing from my pfSense i can Block the traffic of One IP address Squidguard work perfect.
im testing this on vmware workstation 9 and ESXi v5 i dont see any reason that this not working on player.

i have tested this with 2.0.3, 2.1 RC1 and 2.1 Final working very nice in VM but not on my pfSense hardware(a physical computer with two NIC).

johnpoz · Oct 24, 2013, 1:13 PM

Well no shit its not going to work with 2 physical nics – you have the same network on both sides.

So you actually WANT that setup? For what possible reason? If you want to use 172.16.5 and 172.16.6 fine just change your mask to /24 vs /16 that makes them not the same network.

As to squid working sure you can bounce off a proxy on your network.. Here's the thing your lan and wan are connected to the same physical network. So no matter what network you want to talk to to get to your actual gateway off your network pfsense is actually connected to it so it doesn'tt really matter what interface it uses.

Nor would it matter if client said I am not going to talk to pfsense - and I will just talk to the gateway directly..

djnemo · Oct 24, 2013, 3:35 PM

Here…

As you can see if work very nice for me, And i have both of those addresses on /16

I dont know why ITS WORKING in Virtual Machine.

johnpoz · Oct 24, 2013, 3:52 PM

Its working because your IPs are connected to the same network.. So does not matter what interface pfsense sends traffic from be its lan or its wan it can still talk to your actual physical gateway.

So if you look at its routing table - what does its show as primary route to 172.16.1.1 which I assume is your actual physical gateway off your network. What interface is it using?

Here is your problem - a client connected to lan side of pfsense can directly talk to 172.16.1.1 - there is no reason for it to talk to pfsense IP - unless you tell it too. Because your lan side is bridged to the same physical interface as your wan interface.

Why in the world would you setup such a pointless setup?