Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing Issues to another router

    Scheduled Pinned Locked Moved Routing and Multi WAN
    14 Posts 3 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jswope
      last edited by

      Hello all

      I have a route setup to network 10.32.122.0/24 and 10.32.126.0/24. There is a router connected to out network with the ip of 10.33.217.1. I have a route setup and gateway. The issue is that when they conect to the software the goes to that router 10.33.217.1 with is access the network 10.32.122.0/16

      Here are the screen shots

      The software connects then disconnects after a request has been made.

      I can ping both ips for the software 10.32.122.40 and 10.32.126.40.

      This issue does not arise with the old cicso router.  It had a route as follows

      ip route 10.32.0.0 255.255.0.0 10.33.217.1

      and then a rule on the lan interface

      Any help with be greatful

      access-list 100 permit ip any 10.32.0.0 0.0.255.255

      Capture.PNG
      Capture.PNG_thumb
      Capture1.PNG
      Capture1.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • J
        jswope
        last edited by

        example of issue

        User sends request for plate info via  vender program, Program  does not send info back unless you close the application and reopen it then it send the info.

        1 Reply Last reply Reply Quote 0
        • awebsterA
          awebster
          last edited by

          It looks like you've configured the routes properly, but please also share LAN config and Firewall rules.
          Is the pfSense LAN IP the same as what you had on the old Cisco router?

          Also check System -> Advanced -> Firewall/NAT tab
          Bypass firewall rules for traffic on the same interface should be checked.

          –A.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Why not duplicate what you had that was working - One route for 10.32.0.0/16 to 10.33.217.1 ??

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              @awebster:

              Also check System -> Advanced -> Firewall/NAT tab
              Bypass firewall rules for traffic on the same interface should be checked.

              Why?  The downstream router should be routing between those subnets.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Keep in mind that an "old cisco router" is not a stateful firewall and will happily pass asymmetric/triangle routed packets.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • awebsterA
                  awebster
                  last edited by

                  @Derelict:

                  @awebster:

                  Also check System -> Advanced -> Firewall/NAT tab
                  Bypass firewall rules for traffic on the same interface should be checked.

                  Why?  The downstream router should be routing between those subnets.

                  In the event PCs on LAN segment are using pfSense as default GW, traffic might not need to be inspected going back out LAN interface to hit the router.

                  @Derelict:

                  Keep in mind that an "old cisco router" is not a stateful firewall and will happily pass asymmetric/triangle routed packets.

                  Good point!
                  Which is why I asked: Is the pfSense LAN IP the same as what you had on the old Cisco router?

                  Bottom line, the original post is kinda thin on details, so we're just guessing at this point.

                  –A.

                  1 Reply Last reply Reply Quote 0
                  • J
                    jswope
                    last edited by

                    The new router LAN ip is 10.33.217.253 the old one is 10.33.217.2. I dont have access to  the vendors router. I called them to verify that they didnt have to change any config in there router.

                    Attached is  the lan rules.

                    Posted by: Derelict
                    « on: Today at 09:33:30 pm » Insert Quote
                    Why not duplicate what you had that was working - One route for 10.32.0.0/16 to 10.33.217.1 ??

                    I tried that as well set route to 10.32.0.0/16 to use gateway 10.33.217.1

                    Rules.PNG
                    Rules.PNG_thumb

                    1 Reply Last reply Reply Quote 0
                    • J
                      jswope
                      last edited by

                      Changed it back to 10.32.0.0/16 and still have same issue.

                      routes.PNG
                      routes.PNG_thumb

                      1 Reply Last reply Reply Quote 0
                      • J
                        jswope
                        last edited by

                        @awebster:

                        It looks like you've configured the routes properly, but please also share LAN config and Firewall rules.
                        Is the pfSense LAN IP the same as what you had on the old Cisco router?

                        Also check System -> Advanced -> Firewall/NAT tab
                        Bypass firewall rules for traffic on the same interface should be checked.

                        Should I check in System -> Advanced -> Firewall/NAT tab
                        Bypass firewall rules for traffic on the same interface should be checked.

                        what does this actually do??

                        1 Reply Last reply Reply Quote 0
                        • awebsterA
                          awebster
                          last edited by

                          Check the routing on the LEADS router.

                          If you change the IP of your router, LEADS router has no way of getting the traffic back to your Internal networks.
                          Your internal network's machines should have pfSense as default gateway OR route for 10.32.0.0/16 to LAN IP of pfSense.
                          LEADS router must have routes back to your Internal Network's IP range(s) or default route back to 10.33.217.2.

                          
                                                  +--------+                    +---------+
                                                  |        |                    |         |
                                                  | LEADS  |                    | pfSense |    YOUR
                               10.32.0.0/16 <=====| ROUTER |<===10.33.217/24===>|         |<== INTERNAL
                                                  |        |.1                .2|         |    NETWORKS
                                                  |        |                    |         |
                                                  +--------+                    +---------+
                                                  >>>>>>>>>>                    <<<<<<<<<<<
                                        To reach Internal Networks        To reach LEADS networks 
                                           send to 10.33.217.2            10.32.0.0/16 send to 10.33.217.1
                          
                          

                          –A.

                          1 Reply Last reply Reply Quote 0
                          • J
                            jswope
                            last edited by

                            I had them verify there settings and they said everything was ok. I will call them tommorrow again and maybe I will get to talk to somebody else. I know it has to be something on there end but what about the

                            lso check System -> Advanced -> Firewall/NAT tab
                            Bypass firewall rules for traffic on the same interface should be checked.

                            1 Reply Last reply Reply Quote 0
                            • awebsterA
                              awebster
                              last edited by

                              @jswope:

                              Also check System -> Advanced -> Firewall/NAT tab
                              Bypass firewall rules for traffic on the same interface should be checked.

                              When checked, pfSense will not apply firewall rules to traffic entering and leaving on the same logical interface.

                              –A.

                              1 Reply Last reply Reply Quote 0
                              • J
                                jswope
                                last edited by

                                I checked the box and it seems to be working now. I also verified with the vendor of there settings and he added routes for the  pcs that only use the software and so far so good.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.