• Hello all,

    My company has a T1 bridge to access a remote area from the station. They placed all the devices on a 192.168.1.xxx IP range and their subnet was set to 255.255.254.000 - gateway of 192.168.0.1.

    This, according to the previous fella's notes, was to allow access from the remote location.

    Everything in this building is on a 192.168.0.xxx IP range and a subnet of 255.255.255.000 gateway of 192.168.0.1.

    Our router died - all the settings went with it. I replaced the router with a pfSense box, got everything pretty much working, but for the life of me I have no idea why I cannot see the 192.168.1.xxx network.

    Now the start of the T1 bridge is at 192.168.0.180 - the other end is at 192.168.1.181 - on the other end is a 4 port switch with the devices sitting there with 192.168.1.xxx static IPs.

    There is a static route set in the firewall now that basically states that any destination network of "192.168.1.0 /24" goes to the 192.168.0.180 T1 line.

    This is how the notes were written for this, this is what I reproduced.

    The best I can figure is that any ".1.xxx" traffic is supposed to get routed to the T1 - supposedly to come out the other end at the static IP address of the device they are trying to get to.

    One of these devices is a UDP device - believe it or not it's getting all of its UDP traffic; however, I need TCP to work so I can use the web interface to control it.

    Now I'm no expert by any means; my brain cannot wrap itself around this because I have never had to do this before - so I need a push on how to set this pfSense box up so I can see the device on the other end.

    Sounds confusing - frankly I wouldn’t blame ya if you just ignore this, but if someone was willing to throw their 2 cents, I would be greatly appreciative.

    Thanks,

    Bill

  • LAYER 8 Netgate

    You state it's a bridge.

    That means there is no routing and there is no need for any gateways or routes for connectivity between bridge member segments.

    All hosts on the network should have the same netmask, and the same gateway, which should be the router that gets them off of the 192.168.0.0/23 subnet.

    My company has a T1 bridge to access a remote area from the station. They placed all the devices on a 192.168.1.xxx IP range and their subnet was set to 255.255.254.000 - gateway of 192.168.0.1.

    This, according to the previous fella's notes, was to allow access from the remote location.

    Everything in this building is on a 192.168.0.xxx IP range and a subnet of 255.255.255.000 gateway of 192.168.0.1.

    Any host on the 192.168.0.0/24 network that needs to access something on 192.168.1.0/23 will not ARP for it so it can communicate same-subnet, because the /24 netmask says it's on a different subnet. The host will consult its routing table and send it on accordingly - probably to its default gateway.

    Looks to me like you should treat the two sides of the bridge as a single network with all the same subnet and gateway settings.


  • Probably because of the mess of routing you have there. Some devices on a /23 subnet, some on a /24. Not a big deal if you're purely routing, but throw a stateful firewall into the mix with some traffic only going in one direction through the firewall, and you have a mess.

    Ideally, fix it so the masks of everything actually match. Everything on a /23 is probably best if it's really just a flat network. Otherwise everything on /24 so the routing happens properly.

    The "Bypass firewall rules for traffic on the same interface" option under System>Advanced, Firewall/NAT might suffice in the meantime. But likely only if you can ping across. If you can't ping, there's a more fundamental network issue at hand. The asymmetric routing will only impact TCP in most configs.
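The mismatched-mask behaviour described in the two replies above, worked through as an added example (not code from any poster or from pfSense): each host decides per the thread whether to ARP directly across the bridge or hand the packet to 192.168.0.1, and a deliberately simplified model of pf's stateful TCP tracking (an assumption, not pf's actual state machine) shows why the forward path via the firewall and the direct return path over the bridge break the handshake while UDP keeps flowing. Host addresses are constructed for the example.

```python
from ipaddress import ip_address, ip_interface

# Constructed topology from the thread: pfSense is the only default gateway
# any host on either side of the T1 bridge has been given.
GATEWAY = ip_address("192.168.0.1")

def next_hop(src_iface: str, dst_ip: str) -> str:
    """Forwarding decision a host makes: ARP directly if dst falls inside its
    own netmask, otherwise hand the packet to its default gateway (pfSense)."""
    src = ip_interface(src_iface)
    return "direct" if ip_address(dst_ip) in src.network else str(GATEWAY)

def tcp_handshake(client_iface: str, server_iface: str) -> list:
    """Simplified model (assumption) of pf's stateful TCP tracking: pf creates
    a state on the SYN and drops a later segment of that flow whose
    predecessor it never saw. Returns (segment, path, verdict) per segment."""
    client = str(ip_interface(client_iface).ip)
    server = str(ip_interface(server_iface).ip)
    segments = [("SYN", client_iface, server),
                ("SYN/ACK", server_iface, client),
                ("ACK", client_iface, server)]
    # Segments pf must have observed before it will accept each one.
    prerequisites = {"SYN": [], "SYN/ACK": ["SYN"], "ACK": ["SYN", "SYN/ACK"]}
    seen, result = [], []
    for name, src_iface, dst in segments:
        if next_hop(src_iface, dst) == "direct":
            # Same-subnet from the sender's view: crosses the bridge, never
            # touches the firewall, so pf's state table learns nothing.
            result.append((name, "bridge, bypasses firewall", "not seen"))
            continue
        verdict = "pass" if seen == prerequisites[name] else "drop (state mismatch)"
        if verdict == "pass":
            seen.append(name)
        result.append((name, "via pfSense", verdict))
    return result

def handshake_completes(client_iface: str, server_iface: str) -> bool:
    """True when no segment of the three-way handshake is dropped."""
    return all(v != "drop (state mismatch)"
               for _, _, v in tcp_handshake(client_iface, server_iface))

if __name__ == "__main__":
    # Thread's situation: /24 in the building, /23 at the remote end.
    for row in tcp_handshake("192.168.0.50/24", "192.168.1.50/23"):
        print(row)
    # Either of the fixes suggested above (all /23 or all /24) restores symmetry.
    print(handshake_completes("192.168.0.50/23", "192.168.1.50/23"),
          handshake_completes("192.168.0.50/24", "192.168.1.50/24"))
```

A UDP datagram in the same model is a single segment with no prerequisites, which is why the remote device keeps receiving its UDP traffic while the web interface's TCP connections fail.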