Newbie networking? maybe… advices expected
-
Hi there
I'm not an expert with firewalls and networking, but have a lot of computer experience
I manage 5 sites
Each one have an internet connection without firewalls
The main site have 2 connection (1 SDSL + 1 ADSL) + 1 PABX
Each site have windows Servers (with DNS)
I configured an openvpn RAS server on the main site, to connect the servers into one single domain
I choosed pfsense to create a better vpn (multi site with pki)
Each site will have a pfsense appliance (or Virtual Machine with pfsense)
The center of the multi site VPN is a pfsense VM on an hosted server
For now I have 3 pfsenses: the main site, the hosted server site and another site setted up, working ok (NAT , VPN)
On the main site I configured load balancing (multi WAN with gateway group), working okBUT
One thing that disturb me is that I can't easily use pfsense as the single router for my LAN
Because I have my internet box acting as modem/router (External IP + internal IP) and I can't easily change this
On the main site my SDSL box have 192.168.0.1 LAN address, the ADSL box is 192.168.0.2 and the PABX use 192.168.0.252… I don't want (nor I can't have) our internet provider to change this...So I setup my pfsense on the main site as this:
WAN1 on 192.168.0.3/24, gw 192.168.0.1
LAN on 192.168.0.20/24
WAN2 on 192.168.0.4/24, gw 192.168.0.2
With my client configured to use 192.168.0.20 as gateway
This works! Load balancing ok, VPN ok, NAT ok, etcBUT
I feel this not the good way... I should change my IP address range for the clients maybe? but I'm stuck within the 192.168.0.0/24 network because of my boxes and the PABX...
I am very confused when I look at trafic graphs, on a download (radio listening) I see the black curve of the WAN1 being the same as the red curve of WAN2 (but not everytime! Got one time the black curve from WAN1 corresponding to the red curve of LAN interface > that one seems logic)
On pftop lot of lines like these:
PR D SRC DEST STATE AGE EXP PKTS BYTES
udp I 192.168.0.21:2788 2.11.54.239:32258 0:1 15 21 3 411 < my client
udp O 192.168.0.4:56008 2.11.54.239:32258 1:0 15 21 3 411 < the WAN2 interfaceIt this normal behavior?
I also tried to disable automatic outbound outbound NAT rule generation > nat still working but radio hangs after some seconds
I configured the rules to have VPN and https above the loadbalancing gateway group
How do you feel reading my life? :P ??? :o ;D
-
So I setup my pfsense on the main site as this:
WAN1 on 192.168.0.3/24, gw 192.168.0.1
LAN on 192.168.0.20/24
WAN2 on 192.168.0.4/24, gw 192.168.0.2
With my client configured to use 192.168.0.20 as gateway
This works! Load balancing ok, VPN ok, NAT ok, etcthis doesn't work and will never work.
-
Yeah how would that work with the same network on all of the interfaces??? 192.168.0/24 ???
-
Yeah how would that work with the same network on all of the interfaces??? 192.168.0/24 ???
Well, he does open with this as his first sentence…...
"I'm not an expert with firewalls and networking, but have a lot of computer experience":o
Perhaps he could use a copy of Stevens?::)
-
So…. why does it works???? Can you explain me?
If not, can you tell me if this is better:
WAN1: 192.168.0.3 / 24 with gw 192.168.0.1
WAN2: 192.168.0.4 / 24 with gw 192.168.0.2
(for multiwan)
having still my PABX on 192.168.0.252 (I can't change this)
and
LAN: 192.168.100.1 / 24...
or, should I set differents networks also between WAN1 and WAN2?
I can manage my WAN2 gateway (internet box) to change his network
-
You should have a different network for every and each of your interfaces. End of story. Your setup is completely broken.
-
ok… maybe I'll never understand why it is actually working...
So :
WAN1 192.168.0.2 /24 with gateway 192.168.0.1 < on this gateway I can't change a thing
WAN2 192.168.99.2 / 24 with gateway 192.168.99.1
LAN 192.168.100.1 / 24
should be a good choice?My PABX on 192.168.0.252 will still work I hope
-
I have no idea what's PABX in the first place. If it's supposed to hang on WAN, then it needs to plugged in front of your pfSense.
