Netgate Discussion Forum
Several LAN through one NIC and NAT

Category: NAT
11 Posts, 2 Posters, 1.5k Views
mohscorpion:

Hi,
I have a setup in my workplace; here is the setup:
Multiple LAN 192.168.x.x subnets and one 172.16.x subnet.
They all go through a Cisco router via a fixed IP address, 192.168.0.1.
I have some problems:
1. If I set network & mask 192.168.0.1/16 on the LAN NIC, only 192.168.x clients can connect and 172.16.x cannot connect.
2. If I set network & mask 192.168.0.1/1 on the LAN NIC (it can't accept zero, I guess because it becomes like a default gateway), all clients can connect but most internet sites go down (appear to be down); I guess because of IPs bigger than 128.0.0.0, which is the mask.
What I want is to set things up in a way that all my sub-LANs can connect to pfSense without interfering with internet routes.

Derelict (Netgate):

So you want this? If not, describe your network better.

[Attached image: Chickenfoot.png]

Chattanooga, Tennessee, USA
A comprehensive network diagram is worth 10,000 words and 15 conference calls.
DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
Do Not Chat For Help! NO_WAN_EGRESS(TM)

mohscorpion:

Quite the reverse: all subnets are VLANs that go to the Cisco router (192.168.x.x and 172.16.x).
The Cisco router has a port connected to pfSense directly with the 192.168.0.2 IP, and the pfSense LAN IP is 192.168.0.1.
The first problem is that if I set the mask on pfSense's LAN to 24, 172.16.x.x connections are all rejected,
and if I set the mask too low, like 1, internet routing malfunctions.
I thought maybe I can set VLANs up on pfSense to accept all connections; am I right?

Derelict (Netgate):

Don't know. Draw a diagram.


mohscorpion:

It is like this:

[Attached image: Drawing1.png]

Derelict (Netgate):

So pfSense is 192.168.0.1 and the Cisco is 192.168.0.2?


mohscorpion:

Yup.

Derelict (Netgate):

System > Routing, Gateways tab

Create a gateway, interface LAN, Name Cisco, Gateway 192.168.0.2.

Do not check default or anything else.

System > Routing, Routes tab

Add a route for 192.168.0.0/16, Gateway Cisco.
Add a route for 172.16.0.0/12, Gateway Cisco.

See what that does.

And do yourself a favor and put your DSL modem in bridge mode and let pfSense grab the public IP address from the ISP on its WAN interface.


Derelict (Netgate):

You also want to create outbound NAT rules for those networks. Is this pfSense 2.1 or 2.2?


mohscorpion:

2.2
The strange thing is that there is already an Astaro device which works perfectly without any settings.
I have already put the ADSL modem in bridge mode, because I don't like double NAT either :)

Derelict (Netgate):

Maybe they enabled dynamic routing protocols. Doesn't make any sense that it would just work with no config.

Anyway, you want to add outbound NAT rules for 192.168.0.0/16 and 172.16.0.0/12.


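The following Python script is an added illustration of the two answers above (the static routes via the Cisco gateway and the outbound NAT rules); it is my own model, not code from this thread or from pfSense. It runs a longest-prefix-match lookup over a small routing table for the three LAN configurations discussed (the /16 and /1 masks the original poster tried, and /24 plus the two static routes) and checks which sources the two outbound NAT rules would match. The pfSense and Cisco addresses are the ones quoted in the thread; the WAN gateway 203.0.113.1 and the sample destinations are constructed placeholders.

```python
import ipaddress

# Addresses quoted in the thread: pfSense LAN 192.168.0.1, Cisco 192.168.0.2.
PFSENSE_LAN = "192.168.0.1"
CISCO = "192.168.0.2"
# Constructed placeholder for the ISP-side next hop on WAN (not in the thread).
WAN_GATEWAY = "203.0.113.1"


def build_table(lan_prefixlen, add_static_routes):
    """Return a list of (network, next_hop, interface) entries.

    lan_prefixlen is the mask on the LAN NIC (16 and 1 as the OP tried,
    or the /24 the answer implies); add_static_routes adds the two routes
    via the Cisco gateway from the answer.  next_hop None means on-link.
    """
    table = [
        # Connected route derived from the LAN NIC address and mask.
        (ipaddress.ip_network(f"{PFSENSE_LAN}/{lan_prefixlen}", strict=False), None, "LAN"),
        # Default route out the WAN interface.
        (ipaddress.ip_network("0.0.0.0/0"), WAN_GATEWAY, "WAN"),
    ]
    if add_static_routes:
        table += [
            (ipaddress.ip_network("192.168.0.0/16"), CISCO, "LAN"),
            (ipaddress.ip_network("172.16.0.0/12"), CISCO, "LAN"),
        ]
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific matching entry wins.

    Returns (interface, next_hop), with "on-link" for directly connected hits.
    """
    addr = ipaddress.ip_address(dst)
    matches = [entry for entry in table if addr in entry[0]]
    network, next_hop, iface = max(matches, key=lambda e: e[0].prefixlen)
    return iface, next_hop or "on-link"


# Source networks of the manual outbound NAT rules recommended in the thread.
OUTBOUND_NAT_SOURCES = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("172.16.0.0/12"),
]


def outbound_nat_applies(src):
    """True if a packet from src would be matched by one of those NAT rules."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in OUTBOUND_NAT_SOURCES)


def forwarding_report(lan_prefixlen, add_static_routes, destinations):
    """Map each destination to its forwarding decision for one configuration."""
    table = build_table(lan_prefixlen, add_static_routes)
    return {dst: lookup(table, dst) for dst in destinations}


if __name__ == "__main__":
    # Constructed sample destinations: a 172.16 VLAN host, a 192.168 VLAN host,
    # the Cisco itself, and two internet hosts, one below and one above 128.0.0.0.
    samples = ["172.16.5.5", "192.168.50.7", CISCO, "1.1.1.1", "198.51.100.10"]
    configs = [
        ("OP problem 1: LAN /16, no static routes", 16, False),
        ("OP problem 2: LAN /1, no static routes", 1, False),
        ("Answer: LAN /24 plus static routes via Cisco", 24, True),
    ]
    for label, plen, static in configs:
        print(label)
        for dst, (iface, hop) in forwarding_report(plen, static, samples).items():
            print(f"  {dst:>15} -> {iface} via {hop}")
    for src in ["192.168.50.7", "172.20.1.1", "10.0.0.1"]:
        print(f"outbound NAT for {src}: {outbound_nat_applies(src)}")
```

Running it shows the two symptoms and the fix: with /16 on LAN, a reply to 172.16.5.5 only matches the default route and leaves via WAN, so the 172.16.x VLANs never get answers; with /1 on LAN, every destination at or above 128.0.0.0 (198.51.100.10 in the sample) matches the connected 128.0.0.0/1 route and pfSense treats it as on-link instead of forwarding it to the WAN gateway, which is the "most internet sites appear down" effect; with /24 plus the two static routes, both VLAN ranges go back to the Cisco, the Cisco itself stays on-link through the more specific /24, and internet destinations take the default. The NAT check mirrors only the two rules named in the thread, so 10.0.0.1 and 172.32.1.1 (outside 172.16.0.0/12) are not matched.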
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.