pfSense Forum

pfSense English Support => NAT => Topic started by: mattie01 on December 07, 2017, 09:05:08 am

Title: Wan and Lan on same IP range for test lab
Post by: mattie01 on December 07, 2017, 09:05:08 am
Hi All,
So I have just taken over a bit of network infrastructure (a couple of servers and such) that needs a bit of TLC, and I want to set up a test lab that is an exact replica of a production environment on vSphere, using pfSense as a virtual router to block all network traffic between the two but allowing access to HTTP and HTTPS so I can pull in Windows and Linux server updates for testing before deploying to production.

I've had a quick look around the internet and on the forum. There are lots of references advising it is easy to do with pfSense, but I haven't had much luck setting it up. I guess I am missing something stupid.


So my normal network is a 172.16.x.x 255.255.0.0 with the default gateway address as 172.16.0.1. If I have the WAN pick up an IP address of, say, 172.16.252.252 and have the pfSense interface run on 192.168.1.1, I can see the pfSense from an internal machine and can browse the internet (I haven't placed any firewall rules in place to block anything, as I wanted to wait until I can get the internet network working on the 172.16.0.x range), but every time I try and set this up, I lose all network access to the pfSense from the machines on the inside LAN. I can still access it via vSphere.

Ideally I want the internal LAN address of the pfSense to be 172.16.0.1 so that it mimics my live environment and I don't then need to change the gateway on any of the VMwares I deploy to this test lab.

I believe I have the VMware site set up correctly, with 3 switches: 1 for vSphere management connected to a real NIC, 1 switch for the WAN side of the pfSense VM connected to a different real NIC, and another virtual switch with no real NICs assigned to it, which I put all the internal test lab devices on, so the only connection they have to a working NIC is via the vSwitch on the WAN side of pfSense.

Also, I should mention there are no VLANs on the network; that is my next project to get sorted, but I wanted a test lab up and running first.

As I said, I am guessing I am missing something, as everything I have read seems to point to say this is all possible, so if anyone can help on what I am doing wrong that would be great.

Thanks for taking a look.

Title: Re: Wan and Lan on same IP range for test lab
Post by: JKnott on December 07, 2017, 09:42:17 am
You cannot have the same network address on both sides of a router.  It won't know which way to forward a packet.
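
The overlap described in this thread, as an added example that is not part of either post and is not pfSense code: it derives the directly connected network of each interface and checks which interface a destination matches. The interface names, the /24 mask on 192.168.1.1 and the /16 mask on the 172.16.0.1 LAN are assumptions based on the addresses in the question.

```python
import ipaddress


def connected_routes(interfaces):
    """Map interface name -> directly connected network for its address/mask."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}


def overlapping_pairs(interfaces):
    """Return pairs of interface names whose connected networks overlap."""
    routes = sorted(connected_routes(interfaces).items())
    return [(a, b)
            for i, (a, net_a) in enumerate(routes)
            for b, net_b in routes[i + 1:]
            if net_a.overlaps(net_b)]


def egress_candidates(interfaces, destination):
    """Longest-prefix match over connected routes only (no default route).

    More than one name in the result means the destination address alone
    does not select an interface.
    """
    dst = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, name)
               for name, net in connected_routes(interfaces).items()
               if dst in net]
    if not matches:
        return []
    best = max(prefixlen for prefixlen, _ in matches)
    return sorted(name for prefixlen, name in matches if prefixlen == best)


# Constructed from the addresses in the question (masks are assumptions).
WORKING = {"wan": "172.16.252.252/16", "lan": "192.168.1.1/24"}
MIRRORED = {"wan": "172.16.252.252/16", "lan": "172.16.0.1/16"}

if __name__ == "__main__":
    for label, cfg in (("working", WORKING), ("mirrored", MIRRORED)):
        print(label, "overlaps:", overlapping_pairs(cfg))
        print(label, "172.16.0.50 ->", egress_candidates(cfg, "172.16.0.50"))
```
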