Routing Traffic From VLAN to VLAN without defined gateway



  • I have 2 VLANs and some devices that we use that have two LAN connections, but the default gateway is assigned on LAN 1. I want to be able to access the 2nd LAN without having the gateway configured in the device. Are there any rules I can make to automatically assume outgoing traffic is on the 10.38.0.1/20 subnet if the gateway is undefined?

    VLAN 100  10.38.0.1/20
    VLAN 200  192.168.1.1/24

    I can access the 192.168.1.1/24 network now from the 10.38.0.1/20 network just fine. I'm just trying to make it easier on the employees, since the devices we use come defaulted to the 192.168.1.1 network and we set LAN 1 to the customer's network where the devices are going to be installed.


  • LAYER 8 Netgate

    No.

    TCP/IP devices need to know the address of the next hop router in order to route traffic to other networks. This is not a function of the router. It's a function of the end hosts. Without a default gateway, the host will return something like "No route to host" for destination addresses not on any connected subnets.

    Your end hosts on 192.168.1.0/24 should have the IP address of the pfSense interface (192.168.1.1?) as their default gateway.  Rules should then be in place on the pfSense interfaces to allow whatever traffic you want to allow between VLANs.
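The forwarding decision the reply above describes, as an added example that is not part of the thread and not pfSense code: a small model of an end host's route lookup. It first tries the connected subnets (longest prefix wins), then the default gateway, and reports "no route" when neither applies. The interface names (lan1, lan2) and host addresses are assumptions chosen to mirror the thread's networks (10.38.0.0/20 and 192.168.1.0/24); the pfSense box itself is not modelled.

```python
"""Model of an end host's next-hop decision (constructed example).

The router is not involved in this step: the host decides, from its own
interfaces and its own default gateway, where a packet goes.
"""
import ipaddress
from typing import Dict, Optional, Tuple


class Host:
    def __init__(self, interfaces: Dict[str, str], default_gateway: Optional[str] = None):
        # interfaces: name -> this host's address with prefix, e.g. "192.168.1.50/24"
        self.interfaces = {name: ipaddress.ip_interface(addr) for name, addr in interfaces.items()}
        self.default_gateway = ipaddress.ip_address(default_gateway) if default_gateway else None

    def next_hop(self, dest: str) -> Optional[Tuple[str, Optional[str]]]:
        """Return (interface, gateway) for dest, or None for "No route to host".

        gateway is None when dest is on a connected subnet (sent directly).
        """
        target = ipaddress.ip_address(dest)

        # 1. Connected routes: the most specific matching subnet wins.
        best = None
        for name, iface in self.interfaces.items():
            net = iface.network
            if target in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
        if best is not None:
            return (best[0], None)

        # 2. Default route: usable only if the gateway itself is on a connected subnet.
        if self.default_gateway is not None:
            for name, iface in self.interfaces.items():
                if self.default_gateway in iface.network:
                    return (name, str(self.default_gateway))
            raise ValueError(f"default gateway {self.default_gateway} is not on any connected subnet")

        # 3. Nothing matched: the OS reports something like "No route to host".
        return None


def describe(host: Host, dest: str) -> str:
    hop = host.next_hop(dest)
    if hop is None:
        return f"{dest}: No route to host"
    iface, gw = hop
    return f"{dest}: via {iface}" + (f" gateway {gw}" if gw else " (directly connected)")


if __name__ == "__main__":
    # Device as deployed: LAN 1 on the customer network with a gateway, LAN 2 left at factory default.
    device = Host({"lan1": "10.38.0.50/20", "lan2": "192.168.1.50/24"}, default_gateway="10.38.0.1")
    for d in ("192.168.1.1", "10.38.7.9", "172.16.0.5"):
        print(describe(device, d))

    # A host on VLAN 200 with no default gateway at all: anything off-subnet is unreachable,
    # no matter what rules exist on the router.
    no_gw = Host({"lan2": "192.168.1.60/24"})
    print(describe(no_gw, "10.38.7.9"))
```

The last case is the OP's situation from the device's point of view: with no gateway configured, the host itself refuses to send off-subnet traffic, so there is no firewall or routing rule on pfSense that can substitute for setting the gateway (192.168.1.1 in the thread) on the device.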



  • Yeah, I was thinking it was impossible; I didn't know if pfSense had a trick.


  • LAYER 8 Netgate

    For what it's worth, to config devices like that I use a blank VLAN (no pfSense interface at all.)

    Say my blank bench VLAN is 1200. I have untagged ports on VLAN 1200 on the bench and I create a VLAN interface on my workstation (a Mac). I can then set that VLAN interface to whatever IP network I need to access devices out-of-the-box. This doesn't disrupt normal network traffic since my main LAN is also tagged to my workstation. I don't have to worry about devices having DHCP servers enabled by default or anything, since it's isolated from everyone. The workstation has a TFTP server for firmware/config files, etc.

