Several LAN through one NIC and NAT
I have a setup in my workplace; here is the setup:
Multiple LAN 192.168.x.x subnets and 1 172.16.x subnet.
They are all going through a Cisco router through a fixed IP address 192.168.0.1.
I have some problems:
1. If I set network & mask 192.168.0.1/16 on the LAN NIC, only 192.168.x clients can connect and 172.16.x cannot connect.
2. If I set network & mask 192.168.0.1/1 on the LAN NIC (it can't accept zero, I guess because it becomes like a default gateway), all clients can connect but most internet sites go down (appear to be down), I guess because of IPs bigger than 220.127.116.11, which is the mask.
What I want is to set things up in a way that all my sub-LANs can connect to pfSense in a way that doesn't interfere with internet routes.
So you want this? If not, describe your network better.
Quite the reverse: all subnets are VLANs that go to the Cisco router (192.168.x.x and 172.16.x).
The Cisco router has a port connected to pfSense directly with IP 192.168.0.2, and the pfSense LAN IP is 192.168.0.1.
The first problem is that if I set the mask on pfSense's LAN to 24, 172.16.x.x connections are all rejected,
and if I set the mask too low, like 1, internet routing malfunctions.
I thought maybe I can set VLANs up on pfSense to accept all connections, am I right?
Don't know. Draw a diagram.
It is like this:
So pfSense is 192.168.0.1 and the Cisco is 192.168.0.2?
System > Routing, Gateways tab
Create a gateway, interface LAN, Name Cisco, Gateway 192.168.0.2
Do not check default or anything else.
System > Routing, Routes tab
Add a route for 192.168.0.0/16, Gateway Cisco
Add a route for 172.16.0.0/12, Gateway Cisco
See what that does.
And do yourself a favor and put your DSL modem in bridge mode and let pfSense grab the public IP address from the ISP on its WAN interface.
You also want to create outbound NAT rules for those networks. Is this pfSense 2.1 or 2.2?
Strange thing is that there is already an Astaro device m which works perfectly without any settings.
I have already put the ADSL modem in bridge mode, because I don't like double NAT too :)
Maybe they enabled dynamic routing protocols. Doesn't make any sense that it would just work with no config.
Anyway, you want to add outbound NAT rules for 192.168.0.0/16 and 172.16.0.0/12
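
The routing behaviour discussed in this thread, as an added example that is not part of any post: a longest-prefix-match lookup showing where pfSense would send traffic with the /1 LAN mask, with a /24 mask alone, and with the /24 mask plus the two static routes via the Cisco. The client and internet addresses are constructed samples, and "WAN" stands in for the ISP-assigned default gateway.

```python
import ipaddress

def connected(iface_cidr):
    """Network that an interface address/mask puts directly on-link."""
    return str(ipaddress.ip_interface(iface_cidr).network)

def lookup(routes, dest):
    """Longest-prefix match over (cidr, next_hop) pairs."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(c), hop) for c, hop in routes
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

DEFAULT = ("0.0.0.0/0", "WAN")      # placeholder for the ISP default gateway
CISCO = "via 192.168.0.2"           # the gateway named "Cisco" in the thread

TABLES = {
    # Mask /1 makes 128.0.0.0/1 look directly attached to the LAN.
    "LAN 192.168.0.1/1": [(connected("192.168.0.1/1"), "LAN on-link"), DEFAULT],
    # Mask /24 alone: pfSense has no path back to the routed VLANs.
    "LAN 192.168.0.1/24": [(connected("192.168.0.1/24"), "LAN on-link"), DEFAULT],
    # Mask /24 plus the static routes suggested in the thread.
    "LAN /24 + static routes": [
        (connected("192.168.0.1/24"), "LAN on-link"),
        ("192.168.0.0/16", CISCO),
        ("172.16.0.0/12", CISCO),
        DEFAULT,
    ],
}

# Constructed sample destinations: the Cisco, two VLAN clients, two internet hosts.
SAMPLES = ["192.168.0.2", "192.168.7.20", "172.16.5.10", "8.8.8.8", "203.0.113.10"]

def decisions(table_name):
    """Next hop chosen for each sample destination under one routing table."""
    return {d: lookup(TABLES[table_name], d) for d in SAMPLES}

if __name__ == "__main__":
    for name in TABLES:
        print(name)
        for dest, hop in decisions(name).items():
            print(f"  {dest:<14} -> {hop}")
```

With the /1 mask every destination from 128.0.0.0 upward is treated as sitting on the LAN segment, so only internet hosts below that boundary still leave through the WAN.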