4. Several LAN through one NIC and NAT

Several LAN through one NIC and NAT

  • M

    hi
    i have a setup in my work place , here is setup :
    multiple lan 192.168.x.x subnets and 1 172.16.x subnet .
    they are all going through a CISCO router through a fix ip address 192.168.0.1.
    i have some problems :
    1. if i set network & mask 192.168.0.1/16 on LAN NIC , only 192.168.x  clients can connect and 172.16.x cannot connect.
    2. if i set network & mask 192.168.0.1/1 on LAN NIC ( it can't accept zero i guess because it becomes like a default gateway ), all clients can connect but most of internet sites become down ( appear to be down) , i guess because of IP bigger than 128.0.0.0 which is the mask.
    what i want is to set things up in a way that all my sublans can connect to pfsense in a way that doesn't interfere with internet routes.

    0
  • Netgate

    So you want this?  If not, describe your network better.


    0
  • M

    quite reverse , all subnets are VLANs go to cisco router (192.168.x.x and 172.16.x)
    cisco router has a port connected to pfsense directly with 192.168.0.2 IP and pfsense LAN IP is 192.168.0.1
    first problem is that if i set mask on pfsense's LAN to 24 , 172.16.x.x connections are all rejected
    and if i set mask too low like 1 , internet routing malfunctions .
    i thought maybe i can set VLANs up on pfsense to accept all connections , am i right ?

    0
  • Netgate

    Don't know.  Draw a diagram.

    0
  • M

    it is like this :


    0
  • Netgate

    So pfSense is 192.168.0.1 and the cisco is 192.168.0.2?

    0
  • M

    yup

    0
  • Netgate

    System > Routing, Gateways tab

    Create a gateway, interface LAN, Name Cisco, Gateway 192.168.0.2

    Do not check default or anything else.

    System > Routing, Routes tab

    Add a route for 192.168.0.0/16, Gateway Cisco
    Add a route for 172.16.0.0/12, Gateway Cisco

    See what that does.

    And do yourself a favor and put your DSL modem in bridge mode and let pfSense grab the public IP address from the ISP on its WAN interface.

    0
  • Netgate

    You also want to create outbound NAT rules for those networks.  Is this pfSense 2.1 or 2.2?

    0
  • M

    2.2
    strange thing is that there is already an astaro device m which works perfectly without any settings.
    i have already put ADSL modem in bridge mode, because i don't like double NAT too :)

    0
  • Netgate

    Maybe they enabled dynamic routing protocols.  Doesn't make any sense that it would just work with no config.

    Anyway, you want to add outbound NAT rules for 192.168.0.0/16 and 172.16.0.0/12

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy