4. Having trouble routing between interfaces

Having trouble routing between interfaces

  • O

    Hello all, this is my current setup:

    Wan1 ->                            pfSense
    Wan2 ->                            pfSense
    Lan (10.0.0.1/24)->            pfSense
    Loopback (10.1.0.1/30) ->  pfSense

    Computers after both Lan and Loopback are not able to communicate with each other (no ping).

    I have a firewall rule in Lan with a gateway setup for policy based routing and according to this: https://forum.pfsense.org/index.php?topic=73437.msg401069#msg401069 that's the reason they can't communicate with eath other. I need this firewall rule, how can I perform a manual route between these 2 subnets?

    0
  • O

    Update: Computer in Lan can ping 10.1.0.1 (though it seems to be pinging over the internet and not locally 30-50ms)  and 10.0.0.1 but computer in Loopback can only ping 10.1.0.1 but not 10.0.0.1.

    0
  • LAYER 8 Global Moderator

    Well you sure are not going to be using the gateway when talking to your other segment.  So put a rule above it that allows whatever traffic you want to that other segment.

    0
  • O

    Sorry, I'm not following. Wouldn't adding another rule on top of the "policy based routing" voids it (policy based routing)?

    10.0.0.50-10.0.0.90 range has WAN2 gateway assigned with policy based routing.
    Red arrows means no traffic. Yellow arrows are working traffic.
    10.0.0.98-10.0.0.116 pings 10.1.0.2 over the Internet.

    External traffic goes as:

    Services in Windows: 195.x.x.98 (same as pfSense public IP)
    10.0.0.98-10.0.0.116: Static IP's assigned with virtual IP of WAN1
    10.0.0.50-10.0.0.90: Single dynamic IP from WAN2

    Here's attached diagram (login to view)


    0
  • LAYER 8 Global Moderator

    No it wouldn't void because it would only be to your local segment.

    So you have source your lan to your loopback segment no gateway set whatever you want to allow any any, port 80m, whatever pass

    Then you have your rule that says use gateway group, or whatever wan you want to send specific traffic.

    Unless I am dest to the loopback segment, rule doesn't fire and I hit next rule until one fires or I get to default deny.

    You have to setup a rule that allows traffic to your other segments before you setup a rule to go out some specific wan or group gateway, etc.

    0
  • O

    So, let me see if I got this straight, all I have to is I create a firewall rule for whatever traffic/port (ex. SAMBA file sharing, IMCP) assigned to gateway of WAN1 before the rule of policy based routing (WAN2). I thought I had to do a rule for outbound NAT for WAN1/WAN2/LAN/Loopback.

    Damn, that was dumb then haha, let me set it up and report back.

    0
  • O

    It works :) but why is traffic going over the Internet?  :o

    Average of 30-53ms of ping to both 10.1.0.1 and 10.1.0.2 (Loopback subnet).

    0
  • LAYER 8 Global Moderator

    Why are you putting wan1??  Do you use wan one to get to your other segment?  Then why are you putting a gateway?  Leave the gateway blank so pfsense can use its own routing table to get there.  Look in you routing table.. Pfsense has an interface in that network - so it knows how to get there.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy