Hepl with 1wan 2 lan

rolg

hello i have 2 gateways, the default one goes to internet, and the other goes to a remote network office, the configuration is attached
the problem is that i cant make my 2 lans to get connected, even from my lan i cant reach the remote lan gateway, and from my pfsense box i cant reach the remote router and the only firewall is this pfsense box,
for example:
i got this machine: ip 10.10.4.76/16 GW 10.10.1.120
when i ping the CFG lan interface i got nothing, so the CFGGW too
i think its becouse the netmask, so i do route add 10.10.6.0/24 10.10.1.120 and i can ping the CFG interface
but when i do:
ping 10.10.6.9
PING 10.10.6.9 (10.10.6.9) 56(84) bytes of data.
From 10.10.1.120 icmp_seq=6 Destination Host Unreachable
thats the result.
tip: from the lans routers i can reach each other normally
what i can do to fix this?
thanks

rolg

sorry i miss this info too:
from my pc with route added
(traceroute to the local router)
traceroute 10.10.6.1
traceroute to 10.10.6.1 (10.10.6.1), 30 hops max, 60 byte packets
1  10.10.1.120 (10.10.1.120)  0.368 ms  0.352 ms  0.342 ms
2  10.10.6.1 (10.10.6.1)  1.050 ms  1.229 ms  1.401 ms

(traceroute to the remote router)
traceroute 10.10.6.9
traceroute to 10.10.6.9 (10.10.6.9), 30 hops max, 60 byte packets
1  10.10.1.120 (10.10.1.120)  0.265 ms  0.230 ms  0.342 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *

Derelict

Figure out your subnetting.

10.10.6.4 is also in 10.10.1.120/16.

rolg

yes it is
and i know that's the problem
i can split my lan into subnets like 10.10.1.0/24, 10.10.2.0/24…. i use from 10.10.1 to 10.10.5.
the thing is to not to do the spliting thing
i wanna know if this is possible, and how to do it.

Derelict

You can't have two interfaces on conflicting subnets.  If you want to supernet, say, 10.10.0.0/16 and ROUTE THAT to another router that takes the networks and subnets it to interfaces like 10.10.1.0/24, 10.10.2.0/24, etc, you can do that but you can't assign the /16 to an interface.

rolg

10.10.0.0/16 its my lan prefix so if i add interfaces to my pfsense box to cover all the ranges of may lan (lets say 10.10.1.0-10.10.5.255) with prefix /24 then i can route the remote lan (10.10.6.0)?
sorry i'm not quite understand u, i have ever do that
thansk for answering

Derelict

You cannot do that.  You need to understand basic IP subnetting.  Many, many sources for this information are already out there.

Get rid of the /16 or, for the other networks, use a prefix other than 10.10.

rolg

thanks for the tip
so, if i reduce my /16 to /22 then the 10.10.6… subnet gets out of my lan net so every request to that network will be managed by the gateway, its like that?

Derelict

http://www.ircbeginner.com/ircinfo/Routing_Article.pdf

https://www.google.com/search?q=ip+subnetting

rolg

thanx im reading the articles
as u can see i have changed some rules (marked in yellow)

now adding a route in my pc i can reach the remote network
but from inside pfsense i can't (im missing something)
i'll will lplay with rules in order to reach the remote network from inside pfsense, when i achieve this i'll post it

and when i end studying the supernetting thing i will change my lan mask and let u know how it works
thanks 4 all

Derelict

Your problem is more than just rules, it's interface addresses and subnets.