Netgate Discussion Forum

    Re-Route from pfSense to L3 Switch

    6 Posts 4 Posters 1.1k Views
      CocoBln:

      Hey folks,

      here my scenario:

      The L3 has a 0.0.0.0 route to the pfSense (192.168.100.2)

      Inter-VLAN routing works perfectly, failover & load balancing work perfectly, DHCP to 192.168.101.0/24 works perfectly, and 192.168.100.0/24 has no problems accessing the Internet.

      I set up a similar scenario a few weeks ago with a Watchguard M400. There I only had to add a re-route 192.168.101.0 -> 192.168.100.1 (L3) and the 101's could access the Internet with no problems.

      What do I have to do on the pfSense so that the 101's can surf the Internet? Because when I want to add a route, I can only choose a GW as the destination.

      Regards
      Coco

        heper:

        - create a "LAN_gateway" pointing to your L3 switch.
        - create a static route for the subnet behind the switch
        - make sure you have NAT entries on pfSense for the subnet behind the switch

          robertog:

          Try to use tracert to Google DNS from your file server and copy and paste the hops so I can understand better where the packets arrive.
          Ciao

            Derelict (LAYER 8, Netgate):

            Instead of having the pfSense interface on one of the L3 interfaces, make a transit network. The hosts on VLAN10 have two choices of routers: one to get to VLAN 20 (the switch) and one to get to the internet (pfSense). Hosts are dumb and have no way to make that decision without altering the routing table on each of them.

            Make a third VLAN for use only between pfSense and the switch.  IP it something different (192.168.99.0/29 or something)

            Set all the VLAN hosts default gateway to the switch and the switch's default gateway to pfSense.

            Create a gateway on pfSense for the switch and static route your VLAN networks to that.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
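To see why the gateway plus static route toward the switch matters, here is an added example (my own routing model, not pfSense code and not from anyone in this thread) that walks a packet through the routing tables of a VLAN host, the L3 switch and pfSense on a constructed transit-network topology; the addresses, the device names and the `check` helper are assumptions.

```python
import ipaddress

# Constructed topology following the transit-network advice above (illustrative addresses):
#   VLAN 101 hosts   192.168.101.0/24, default gateway = L3 switch at .1
#   transit VLAN     192.168.99.0/29,  switch = .2, pfSense = .1
#   pfSense WAN      203.0.113.2/24,   ISP gateway = 203.0.113.1
OWNER = {"192.168.101.10": "host", "192.168.101.1": "switch",
         "192.168.99.2": "switch", "192.168.99.1": "pfsense", "203.0.113.2": "pfsense"}

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs, as a kernel FIB does."""
    d, best = ipaddress.ip_address(dst), None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None

def trace(start, dst, tables, max_hops=8):
    """Forward one packet device by device; returns (path, disposition)."""
    path, dev = [start], start
    for _ in range(max_hops):
        nh = lookup(tables[dev], dst)
        if nh is None:
            return path, "dropped: no route"
        if nh == "direct":                     # destination is on a connected subnet
            path.append(OWNER.get(dst, "on-link"))
            return path, "delivered"
        if nh not in OWNER:                    # next hop is outside the model: the ISP
            path.append(nh)
            return path, "handed to upstream"
        dev = OWNER[nh]
        path.append(dev)
    return path, "loop"

def build_tables(static_route_on_pfsense):
    tables = {
        "host": [("192.168.101.0/24", "direct"), ("0.0.0.0/0", "192.168.101.1")],
        "switch": [("192.168.101.0/24", "direct"), ("192.168.99.0/29", "direct"),
                   ("0.0.0.0/0", "192.168.99.1")],          # switch default -> pfSense
        "pfsense": [("192.168.99.0/29", "direct"), ("203.0.113.0/24", "direct"),
                    ("0.0.0.0/0", "203.0.113.1")],
    }
    if static_route_on_pfsense:  # "static route your VLAN networks" to the switch gateway
        tables["pfsense"].append(("192.168.101.0/24", "192.168.99.2"))
    return tables

def check(static_route):
    # Outbound trip from a VLAN 101 host, then the reply coming back in from the WAN.
    t = build_tables(static_route)
    return trace("host", "8.8.8.8", t), trace("pfsense", "192.168.101.10", t)
```

The reply to a VLAN 101 host only comes back through the switch when pfSense has that static route; without it the reply follows pfSense's default route upstream and never reaches the host. NAT and the firewall rules discussed in the thread are outside this routing-only model.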

              CocoBln:

              Thanks for your qualified answers, guys.

              I will check out these tips Monday or Tuesday.

              What I had forgotten (it was 2 o'clock in the morning :) )… I think I have to change the LAN rules from "LAN subnet" to "any" so that the 101's can have access to the internet, right?

              Regards
              Coco

                Derelict (LAYER 8, Netgate):

                Yes. You have to pass traffic into pfSense on your transit network from all the subnets that will be source addresses into LAN.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.