
Author Topic: Static route between 2 pfSense  (Read 1428 times)


Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9811
  • Karma: +1107/-311
Re: Static route between 2 pfSense
« Reply #15 on: March 23, 2017, 03:52:13 pm »
Excellent!
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS™

Offline gazoo

  • Jr. Member
  • **
  • Posts: 48
  • Karma: +0/-0
Re: Static route between 2 pfSense
« Reply #16 on: February 08, 2018, 02:56:31 pm »
I know this is super old, but I have a variation on this issue.

I have an internal IP that is hooked up to another system as well; however, it is not pfSense on that side. Also, routes have been learned via RIPv2, so I don't really know how to handle the Gateway static entries, as they are not static. Any advice?

I should also say, I can reach the RIP-learned routes on all internal parts of the different router interfaces. The only problem is behind the other router: it cannot get beyond pfSense, hence no Internet access. I did a traceroute from one of the endpoints on the RIP-learned routes, and Internet-bound traffic dies upon reaching the pfSense interface.

Offline Derelict

Re: Static route between 2 pfSense
« Reply #17 on: February 08, 2018, 04:59:53 pm »
RIPv2? Really?

Offline gazoo

Re: Static route between 2 pfSense
« Reply #18 on: February 09, 2018, 08:22:45 am »
Well, not to go into too long of a story, this is an old TDMA iDirect satellite system in which they did some really stupid networking things like using RIPv2 and even proxy ARP. Not under my control.

I've attached a diagram. So behind the RHEL server, new subnets are created fairly frequently, and in order to inform the world of their creation, they are updated via RIPv2 on the front end of the RHEL server. This is actually a much more involved thing involving some other moving parts, but I believe this is the portion relevant to pfSense.

So my issue is, once a new subnet is created, PF is picking it up via RIP, but for some reason hosts on the private subnets behind the RHEL can't get anywhere on the Internet; inside any of my private nets, yes, it works fine. My workaround for now was to add a GW to PF indicating specific manually added static routes for the private nets that lie behind the GW (10.10.1.11) and the route to it. For example, I've added the GW RHEL and then put routes behind it, for example to 192.168.1.0/24. This works OK (although for some reason DNS is not passing, but one thing at a time). Just want to see if it's possible to do this same thing via RIP. It doesn't seem to work the way it is now.

Offline Derelict

Re: Static route between 2 pfSense
« Reply #19 on: February 11, 2018, 04:23:02 am »
You probably need to add outbound NAT for all of the private subnets on pfSense WAN.

Manually adding the static routes very likely enabled pfSense to know what networks were downstream so they were picked up by Automatic Outbound NAT.

Nothing like that is possible when pfSense doesn't have the routes in the configuration since they are dynamically-learned.
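A check for the situation described in the reply above, as an added example that is not part of the original thread: it lists networks routed via the downstream router that no outbound NAT source network contains. The routing-table extract, the NAT source list, the /24 mask on the 10.10.1.x link and the second and third subnets are constructed sample data, and `routes_via` and `missing_nat` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data using the thread's addresses; the /24 on the
# 10.10.1.x link and the second and third learned subnets are assumptions.
# Columns: destination, gateway (a simplified routing-table extract).
ROUTE_TABLE = """\
default          203.0.113.1
10.10.1.0/24     link#2
192.168.1.0/24   10.10.1.11
192.168.2.0/24   10.10.1.11
172.16.40.0/22   10.10.1.11
"""
# Source networks the outbound NAT rules cover: the directly attached subnet
# plus the one static route that was added by hand in the thread.
NAT_SOURCES = ["10.10.1.0/24", "192.168.1.0/24"]
DOWNSTREAM_GW = "10.10.1.11"  # the RHEL router from the thread


def routes_via(table, gateway):
    """Return the networks in a destination/gateway table routed via gateway."""
    nets = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[1] != gateway:
            continue
        try:
            nets.append(ipaddress.ip_network(fields[0]))
        except ValueError:
            continue  # "default" or any other non-CIDR destination
    return nets


def missing_nat(table, gateway, nat_sources):
    """List downstream networks that no outbound NAT source network contains."""
    sources = [ipaddress.ip_network(s) for s in nat_sources]
    return [str(net) for net in routes_via(table, gateway)
            if not any(net.version == s.version and net.subnet_of(s)
                       for s in sources)]


if __name__ == "__main__":
    for net in missing_nat(ROUTE_TABLE, DOWNSTREAM_GW, NAT_SOURCES):
        print(f"no outbound NAT source covers {net}")
```

Every network it reports would need a manual outbound NAT rule on WAN, or a single broader rule whose source network contains all of the downstream subnets.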

Offline gazoo

Re: Static route between 2 pfSense
« Reply #20 on: February 12, 2018, 09:12:03 am »
Seems to have auto-added them. The static route addition seemed to probably cause the auto-generation. However, DNS isn't passing all the way down for some reason. The other subnets are on other interfaces that I didn't show on the picture.

Offline Derelict

Re: Static route between 2 pfSense
« Reply #21 on: February 12, 2018, 12:01:28 pm »
Sorry. No idea what "DNS isn't passing down" means. Need to know where the DNS clients are, what their configured name servers are, and what is not working to be able to have a chance at helping.

Offline gazoo

Re: Static route between 2 pfSense
« Reply #22 on: February 12, 2018, 12:58:24 pm »
Sorry, the 192.168.1.0/24 subnet now passes traffic after I added the static route, but is not resolving DNS.

So, if you're a client on 192.168.1.0/24, no DNS resolution. I tried putting pfSense as the DNS IP (10.10.1.1) and also directly to the DNS provider, and no luck.

I'm still experimenting with this so I'll get back to you before I ask it again. I made a rule to tag DNS pass traffic on that interface to see if it's getting to PF via log checking. Will post when I see what's up.