Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    "unusual" routing needed

    General pfSense Questions
    3
    5
    792
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      militades last edited by

      Hi,
      i'm replacing our current Firewall (and WAN) with a new firewall with pfSense and a new WAN line.
      Since the setup is rather complex, with different VPN tunnels etc. I want to migrate over to the new line slowly.

      I got pfSense up and running, I want to use a new IP range on the pfSense (compared to the old setup on the old firewall) and have the LAN interface with 2 IPs one in the old 192.168.0.0/24 and one with the new 10.0.0.0/16
      I figured i need a VIP on my LAN interface with the second IP, but how do i tell pfSense to allow all traffic between the two IPs?

      1 Reply Last reply Reply Quote 0
      • V
        viragomann last edited by

        I figured i need a VIP on my LAN interface with the second IP, but how do i tell pfSense to allow all traffic between the two IPs?

        pfSense, same as other routers or firewalls, can only control traffic between different interfaces, but not between different IP ranges at the same interface.
        So there will be no need for a rule to allow this traffic.

        However, you have to tell your to LAN devices the route to the new network.
        It would be easier to assign an additional interface for gateway use between the two firewalls and configure a static route on firewall directly.

        1 Reply Last reply Reply Quote 0
        • stephenw10
          stephenw10 Netgate Administrator last edited by

          Presumably you are wanting pfSense to route between the two subnets?

          Steve

          1 Reply Last reply Reply Quote 0
          • M
            militades last edited by

            yes, i want full access between the two networks, our setup is just too complicated to move everything over to the new adresses at once so i need this for a while while i move services to new IPs.
            pfsense was already set as gateway for my testbox, but i could not reach the "old" network on the same interface as the "new" network with my testbox that was connected to pfsense …

            1 Reply Last reply Reply Quote 0
            • stephenw10
              stephenw10 Netgate Administrator last edited by

              Hmm, I'm not sure this is possible in the conventional manner.
              This user did it by NATing between the subnets but that's not ideal:
              https://forum.pfsense.org/index.php?topic=64700.0
              I'm not sure it's necessary either. Check the system routing table, do you have route to both subnets via the LAN connection?
              Which virtual IP type are you using?

              This user seems to have acheived it using just floating rules which is probably more what you're looking for:
              https://forum.pfsense.org/index.php?topic=58943.0

              Steve

              1 Reply Last reply Reply Quote 0
              • First post
                Last post