"unusual" routing needed
-
Hi,
i'm replacing our current Firewall (and WAN) with a new firewall with pfSense and a new WAN line.
Since the setup is rather complex, with different VPN tunnels etc. I want to migrate over to the new line slowly.I got pfSense up and running, I want to use a new IP range on the pfSense (compared to the old setup on the old firewall) and have the LAN interface with 2 IPs one in the old 192.168.0.0/24 and one with the new 10.0.0.0/16
I figured i need a VIP on my LAN interface with the second IP, but how do i tell pfSense to allow all traffic between the two IPs? -
I figured i need a VIP on my LAN interface with the second IP, but how do i tell pfSense to allow all traffic between the two IPs?
pfSense, same as other routers or firewalls, can only control traffic between different interfaces, but not between different IP ranges at the same interface.
So there will be no need for a rule to allow this traffic.However, you have to tell your to LAN devices the route to the new network.
It would be easier to assign an additional interface for gateway use between the two firewalls and configure a static route on firewall directly. -
Presumably you are wanting pfSense to route between the two subnets?
Steve
-
yes, i want full access between the two networks, our setup is just too complicated to move everything over to the new adresses at once so i need this for a while while i move services to new IPs.
pfsense was already set as gateway for my testbox, but i could not reach the "old" network on the same interface as the "new" network with my testbox that was connected to pfsense … -
Hmm, I'm not sure this is possible in the conventional manner.
This user did it by NATing between the subnets but that's not ideal:
https://forum.pfsense.org/index.php?topic=64700.0
I'm not sure it's necessary either. Check the system routing table, do you have route to both subnets via the LAN connection?
Which virtual IP type are you using?This user seems to have acheived it using just floating rules which is probably more what you're looking for:
https://forum.pfsense.org/index.php?topic=58943.0Steve
