@Antibiotic hey there,
no need to close in my opinion. 😊
I feel @johnpoz is indeed trying to give you assistance. BUT: considering you (same here, I am no IT guy, no professional background, just for the fun of it) have some lacking knowledge about the how-tos and whys...well it needs some lecturing, taking some courses (networking for beginners ;)). Sure: just go to youtube, watch a "how-to" vid and repeat those settings...will work for now (maybe), but without at least a basic understanding it will not really help you.
As with many things in life: basics are important.
Now, me being a newbie as well, I give it a try:
An information packet (iE PING) is sent from LAN 1 (172.28.0.0/22, set for LAN BEHIND L3 switch /WLAN Router) to LAN 2 (172.29.1.0/24).
It goes like this:
Host A (172.28.1.100/24) sends to host C with 172.29.1.100/24...>>>> Host A sees: Upsie, in my network there is no 172.29.1.100, don't even know any 172.29.0.0 for I only know 172.28.1.0/24 addresses...so, sends it to the default gateway (L3 switch with 172.28.1.1/24, host A knows THAT).
Packet is now at L3 switch which knows 172.28.1.0/24 and 172.28.2.0/24 and transfer net 172.26.1.0/29. Nothing else. BUT the needed address is for 172.29.100/24 (host C)...so again, doesn't know it, sends it to its default gateway >>>> pfsense with 172.26.1.1/29.
Pfsense gets that ping packet to 172.29.100/24. And pfsense DOES know that network >>> sends it to L2 switch (which knows 172.29.1.100/24 as well) so finally the ping packet reaches host C. YEAH!
BUT...to see a successful PING on host A...host C needs to send some information back. Damn... 😖
Ok, host C sends back to 172.28.1.100/24....does not know that one, so via L2 switch back to gateway (pfsense on 172.29.1.1/24).
Pfsense receives that answer...BUT, damn it, does not know 172.28.1.0/24, for (as stated) only knows 172.26.0/29 and 172.29.1.0/24. So without a static route as info WHERE to send it...it would be sent to its default gateway and off to WAN it goes to the internet...but wait, its a private address, so it gets discarded and your Ping will show an error. 😥 Buhu.
SO: you need to tell PFSENSE that packets to 172.28.0.0/22 must NOT go to its default gateway BUT instead to that L2 switch on 172.26.1.0/29...THAT is why you need to set that static Route on pfsense.
With that wisdom, pfsense sends the answer to your PING NOT out to the WAN, but knows that this should go out to L3 switch.
L3 switch now gets that answer packet...and it knows that network!! So it is handed down to host A....and you see that PING is working...
Now, this is written by a noob. So all you pros out there: sorry, way to simple, in reality way more to it. But I just wanted to show WHY it (static route) must be set on pfsense in this setting (and not somewhere else).
@johnpoz explained just that (with lesser words but nevertheless absolutely correct) > we noobs always use more words for their lack of professional terms and language 🙄 .
You can chose ANY private network address space you want...as long as you do it consistently: one for transfer network (/29), one for LAN1 behind L3 switch (another router), one for LAN 2 behind L3 switch. And, of course one for LAN 3 behind pfsense (including that L2 switch and host C). You should make sure, that those are not overlapping. Meaning: use different networks.
So, hopefully you see: understanding how packets travel behind the scenes helps understanding how it works making it much easier to set it right. Just telling "put 172...here, and check here...then put 172.1 there..." might look like a solution, but only for a few moments.
Or to put it with that saying:
“If you give a man a fish, you feed him for a day. If you teach a man to fish, you feed him for a lifetime.” And (in my understanding) that's what @johnpoz tried to do.
hopefully I did not f**** it up... 😬 😀
Happy Easter everyone!