Messages

1

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 03, 2018, 08:43:53 am »

Hmmm...

My SG-1000 only has two interfaces, so how would this work in practise? Would I have to create a VLAN for the transit network?

2

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 03, 2018, 07:17:33 am »

All working now, I needed a static route to the LAB network on the SG-1000 router. Thanks for looking everyone!!

3

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 02, 2018, 02:48:47 pm »

Draw a picture of how you have this set up and talk about your ultimate goals. 

OK.

Here's the network diagram.



I want pfSense on beryllium to allow traffic both ways between LAN and LAB networks unhindered. It seems that machines in LAB network can't reach some machines in LAN, but machines in LAN can reach all machines in LAB. Here are the results from a machine on each network.

On cowslip.duck.loc
Cannot ping 10.0.0.1, 10.0.0.8 (timed out)
Can ping 10.0.0.10, 10.0.0.4, 10.0.0.3, 10.0.0.9, 10.0.1.1, 10.0.1.4

On lithium.duck.loc
Can ping everywhere fine

Here are the firewall rules on beryllium.localdomain

4

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 05:26:53 pm »

Hi everyone, thanks for reading, I still have an issue where no servers on the LAB domain can access the internet. I can't ping the LAN interface of my Netgate WAN router from the LAB network, but I can ping it from the LAN network. Any ideas?

5

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 01:30:49 pm »

NO that is NOT the correct way to do it!!!  Create a route to use not a default gateway - arrrgghhh..

OK, ok!

I've done this now and all good from 10.0.0.3 to 10.0.1.1!



I can also now ping from 10.0.1.1 to 10.0.0.3!!

I do however, have one small issue. I can't ping the netgate router (10.0.0.1) from my LAB network. Any ideas on why?

6

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 01:26:10 pm »

You converted your WAN to LAB interface?

You have to disable all outbound NAT.

No I converted LAN to LAB interface and converted WAN to LAN interface. Here are my NAT outbound rules:

7

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 12:24:45 pm »

A-ha!!

I added the second gateway into my machine and I can now ping 10.0.1.4 from 10.0.0.3. Feel like we're making some progress!

However, I can't ping 10.0.1.1 from 10.0.0.3...



What is odd is that I can ping the 10.0.1.1 machine from the LAN interface on pfSense:

8

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 11:30:50 am »

Here are the settings for machine 10.0.0.3. I do have Private Internet Access VPN client installed but it's not running. I also have the Hyper-V service on this machine but not currently using it. It is joined to domain duck.loc where machine 10.0.1.1 is the domain controller so quite important it can connect to it!



The default gateway is my Netgate device to go to the internet (10.0.0.1)

Here's the tracert

9

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 11:13:57 am »

Getting strange.

I have a VM on the Hyper-V host called neon.localdomain with IP 10.0.0.10.

I can ping that from machine 10.0.1.1, but machine 10.0.1.1 cannot ping the Hyper-V host interface 10.0.0.9 or my desktop 10.0.0.3.

10

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 11:02:50 am »

Floating rules are above, none configured. Sorry yeah should have mentioned Hyper-V but it really shouldn't factor.

On machine 10.0.1.1 I can ping pfSense interface 10.0.0.4 fine.
On machine 10.0.1.1 I cannot ping physical machine (my desktop) 10.0.0.3 (Request timed out).
On machine 10.0.0.3 I cannot ping pfSense interface 10.0.1.4 (Request timed out).

Odd.

Here's my Hyper-V switches in case it's relevant:

11

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 10:41:29 am »

To add some more info as we cross-posted... thanks v. much BTW for your time!



Machine 10.0.1.1 is a Hyper-V VM hosted by a machine called fluorine on IP 10.0.0..9. Connected to a vSwitch called Lab.
pfSense is a Hyper-V VM also hosted on fluorine with two vSwitches one is LAN and connected to the physical NIC and the other is a vSwitch connected to LAB.

Machine 10.0.0.3 is a physical Windows 10 box.

The Hyper-V host and the desktop are connected via a gigabit hub.

EDIT:

Also add that there are no floating rules and I can ping both machines from within pfSense itself in the Diagnostics menu just fine. The devices can also ping the pfSense interface as well with no issues.

12

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 10:33:54 am »

Here's some more info. Machine snowdrop.duck.loc in network 10.0.1.0/24







On machine 10.0.0.3 in network 10.0.0.0/24:

13

General Questions / Re: How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 10:18:27 am »

your lab is actually your lan interface   Notice the anti lock out rule on it.

But your rules are fine - did you set gateway on the machines correctly.  Software firewall running on devices in the other network blocking ping from different subnet, etc..

So when pfSense first configured the LAN interface was WAN so I renamed it and added a rule to allow traffic through. The LAB interface was the LAN interface, so I renamed that too.

There are no software firewalls on the machines in the other subnets. I tested this by pinging machines within the same subnet and they worked fine, and also checked that Windows Firewall is off on all profiles.

I tried to set up a static route but I got an error saying that the IP address was on the same subnet or something to that effect.

14

General Questions / How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 09:40:32 am »

I have two interfaces: LAN & LAB. I want machines on LAB to connect to machines on LAN and vice versa. I do not have a WAN interface as that is provided by another router in network 10.0.0.0/24.

LAN interface is 10.0.0.4
LAB interface is 10.0.1.4

I cannot ping a machine in network 10.0.1.0/24 from network 10.0.0.0/24 or vice versa. What have I done wrong?

Interfaces





Routing





Firewall rules

15

Firewalling / Re: Firewall logs show blocking IP address different to my WAN intereface

« on: January 21, 2017, 11:06:29 am »

What's the netmask you get assigned by your ISP and what's the last octet from not-your-IP in the logs?

netmask is /32 (0xffffffff)
last octects that I've seen of not-my-ip address are: 168,170,171,172,174,175, etc. I don't see any 255s