Test setup (Traversing a private network)



  • Hi,

    I'm going to test pfSense before implementing it at one of our customers;

    however, I'm very short of time and have some issues I'd like to fix ASAP.

    At our customer, we will have a typical dual WAN (failover) setup,
    with a local LAN and maybe some VPN tunnel(s).

    Before setting stuff up there, I'd like to test this in our LAN (since
    we have two gateways, maybe this is 'real world' enough to convince my
    boss that an expensive commercial solution is not needed).

                    Internet
                |               |
                |               |
               gw1             gw2
           192.168.1.1     192.168.1.2
                |               |
            (our LAN 192.168.1.0/24)
                |               |
          192.168.1.253   192.168.1.254
        ---------------------------------
        |     wan1            wan2      |
        |            pfsense            |
        |      lan 192.168.2.1/24       |
        ---------------------------------
                        |
                        |
           our test LAN 192.168.2.0/24
                |               |
          test client1    test client2

    So, I'd like to deploy a (new) test LAN with a few clients, with
    pfSense attached to it via the LAN port. In our existing LAN pfSense will
    have two connections, each pointing to one of our gateways (see
    diagram above, I hope it makes things clear).

    My question now is: Is that possible (routing in private address
    ranges)? And if it really is (what I suspect ;), then how do I have to
    configure pfSense and the clients in the test LAN?

    Is it sufficient to point the default route (def gw) of the test
    clients at 192.168.2.1?

    Thanks very much in advance,

    Seth



  •                 Internet
                |               |
                |               |
               gw1             gw2
           192.168.1.1     192.168.1.2
                |               |
            (our LAN 192.168.1.0/24)
                |               |
          192.168.1.253   192.168.1.254
        ---------------------------------
        |     wan1            wan2      |
        |            pfsense            |
        |      lan 192.168.2.1/24       |
        ---------------------------------
                        |
                        |
           our test LAN 192.168.2.0/24
                |               |
          test client1    test client2

    I see the problem that both your WANs are in the same subnet.
    That won't work.
    In an older version of pfSense you could specify where the traffic should be sent to reach the internet.
    I think I remember sullrich said that you can still modify the file for multiWAN manually and add your own gateways.
    Then you would need only one interface for WAN (with only one IP) and just balance to your two gateways on the WAN subnet.

    My question now is: Is that possible (routing in private address
    ranges)? And if it really is (what I suspect ;), then how do I have to
    configure pfSense and the clients in the test LAN?

    Is it sufficient to point the default route (def gw) of the test
    clients at 192.168.2.1?

    yes :)



  • Right, GruensFroeschli, you can do that with a single WAN and editing the pool configuration in the config.xml manually. It will be possible through the GUI in 1.3, as seth rewrote the gateway code to be much more flexible. Please note that you won't be able to edit that pool through the webgui once you have modified it manually in the config.xml, but that should not be needed anyway.
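
A pre-deployment sanity check for the addressing plan discussed in this thread, as an added example that is not from any of the posters or from pfSense: it flags interfaces that share a subnet and gateways that are on-link for more than one interface. The function names and the `SINGLE_WAN` layout are illustrative assumptions; the addresses come from the diagram.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: the layout from the diagram in the first post.
DUAL_WAN = {
    "wan1": "192.168.1.253/24",
    "wan2": "192.168.1.254/24",
    "lan": "192.168.2.1/24",
}
# Assumed layout for the suggestion in the replies: one WAN interface,
# with both gateways living on that interface's subnet.
SINGLE_WAN = {
    "wan": "192.168.1.253/24",
    "lan": "192.168.2.1/24",
}
GATEWAYS = ["192.168.1.1", "192.168.1.2"]


def overlapping_interfaces(ifaces):
    """Return sorted pairs of interface names whose subnets overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in ifaces.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def egress_candidates(ifaces, next_hop):
    """Return the interfaces on which next_hop is directly reachable (on-link)."""
    hop = ipaddress.ip_address(next_hop)
    return sorted(
        n for n, a in ifaces.items()
        if hop in ipaddress.ip_interface(a).network
    )


def check(ifaces, gateways):
    """Collect problems as strings; an empty list means the plan is consistent."""
    problems = [f"{a} and {b} share a subnet"
                for a, b in overlapping_interfaces(ifaces)]
    for gw in gateways:
        hits = egress_candidates(ifaces, gw)
        if len(hits) != 1:
            problems.append(f"gateway {gw} is on-link for {hits or 'no interface'}")
    return problems


if __name__ == "__main__":
    for name, plan in (("dual WAN", DUAL_WAN), ("single WAN", SINGLE_WAN)):
        print(name, check(plan, GATEWAYS) or "ok")
```

The same `egress_candidates` call can confirm that a test client's default gateway of 192.168.2.1 is on-link for the client's own 192.168.2.0/24 address.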

