1. Home
  2. pfSense® Software
  3. NAT
  4. Several LAN through one NIC and NAT

Several LAN through one NIC and NAT

  • M

    hi
    i have a setup in my work place , here is setup :
    multiple lan 192.168.x.x subnets and 1 172.16.x subnet .
    they are all going through a CISCO router through a fix ip address 192.168.0.1.
    i have some problems :
    1. if i set network & mask 192.168.0.1/16 on LAN NIC , only 192.168.x  clients can connect and 172.16.x cannot connect.
    2. if i set network & mask 192.168.0.1/1 on LAN NIC ( it can't accept zero i guess because it becomes like a default gateway ), all clients can connect but most of internet sites become down ( appear to be down) , i guess because of IP bigger than 128.0.0.0 which is the mask.
    what i want is to set things up in a way that all my sublans can connect to pfsense in a way that doesn't interfere with internet routes.

    0
  • Derelict
    LAYER 8 Netgate

    So you want this?  If not, describe your network better.


    0
  • M

    quite reverse , all subnets are VLANs go to cisco router (192.168.x.x and 172.16.x)
    cisco router has a port connected to pfsense directly with 192.168.0.2 IP and pfsense LAN IP is 192.168.0.1
    first problem is that if i set mask on pfsense's LAN to 24 , 172.16.x.x connections are all rejected
    and if i set mask too low like 1 , internet routing malfunctions .
    i thought maybe i can set VLANs up on pfsense to accept all connections , am i right ?

    0
  • Derelict
    LAYER 8 Netgate

    Don't know.  Draw a diagram.

    0
  • M

    it is like this :


    0
  • Derelict
    LAYER 8 Netgate

    So pfSense is 192.168.0.1 and the cisco is 192.168.0.2?

    0
  • M

    yup

    0
  • Derelict
    LAYER 8 Netgate

    System > Routing, Gateways tab

    Create a gateway, interface LAN, Name Cisco, Gateway 192.168.0.2

    Do not check default or anything else.

    System > Routing, Routes tab

    Add a route for 192.168.0.0/16, Gateway Cisco
    Add a route for 172.16.0.0/12, Gateway Cisco

    See what that does.

    And do yourself a favor and put your DSL modem in bridge mode and let pfSense grab the public IP address from the ISP on its WAN interface.

    0
  • Derelict
    LAYER 8 Netgate

    You also want to create outbound NAT rules for those networks.  Is this pfSense 2.1 or 2.2?

    0
  • M

    2.2
    strange thing is that there is already an astaro device m which works perfectly without any settings.
    i have already put ADSL modem in bridge mode, because i don't like double NAT too :)

    0
  • Derelict
    LAYER 8 Netgate

    Maybe they enabled dynamic routing protocols.  Doesn't make any sense that it would just work with no config.

    Anyway, you want to add outbound NAT rules for 192.168.0.0/16 and 172.16.0.0/12

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy