Author Topic: Trying to get internet on a new interface other than LAN, getting close  (Read 122 times)

Offline imabev

I have an interface named STORE, its IP is 10.1.0.0/27. I have internet on that network interface. I have a downstream network CRIT 10.1.0.96/27. CRIT is connected to STORE through switching; CRIT routes to STORE and I can access resources between CRIT and STORE. I need internet on CRIT.

On the pfsense firewall logs I am seeing a lot of blocks on the STORE interface FROM 8.8.4.4 to an address on the CRIT network 10.1.0.99. I *think* it's because the pfsense doesn't know that I have this downstream network behind STORE. On my switch CRIT is a VLAN. I think I need to tell pfsense this is a good network. How do I tell pfsense this is a good network?

**Edit confirming I don't think pfSense knows how to get to 10.1.0.97 - the switch address on the 10.1.0.96/27 network.

** EDIT SOLVED! I just needed to type it out. I needed to add a route in pfSense > on the STORE network I create a gateway to the upstream switch 10.1.0.1. 10.1.0.1 knows how to get to 10.1.0.96/27 so we're all good. It's a pretty specific solution but maybe it will turn on a light for someone.
« Last Edit: November 21, 2017, 10:17:00 am by imabev »

Offline johnpoz

Re: Trying to get internet on a new interface other than LAN, getting close
« Reply #1 on: November 23, 2017, 08:13:59 am »
" its IP is 10.1.0.0/27"

that is not a valid IP... That is a network address.

.1 to .30 would be valid interface addresses.. .0 is the wire/network while .31 would be the broadcast.

If you want to use 10.1.0.0/27 as your transit network that is fine but pfsense interface should be .1 while your downstream would be .2 -- using .0 as host address is not a good idea..

/27 is a pretty large transit - do you have lots of routers on this network?  Or hosts?  With hosts you're going to run into asymmetrical routing problems unless all of them have host routes to use the downstream router IP as gateway to get to those networks behind it, etc.

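Added example, not part of either post and not pfSense code: a small longest-prefix-match model of the routing table described in this thread, showing where traffic for 10.1.0.99 goes before and after the static route via 10.1.0.1, and rejecting a gateway that is a network or broadcast address. The WAN gateway 192.0.2.1 and the table layout are constructed assumptions.

```python
import ipaddress

def usable_host(addr, network):
    """True if addr is inside network and is neither its network nor broadcast address."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(network)
    return ip in net and ip not in (net.network_address, net.broadcast_address)

def lookup(routes, dest):
    """Longest-prefix match: return the (network, gateway, interface) route used for dest."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def add_static_route(routes, network, gateway):
    """Add a static route only if the gateway is a usable host on a connected network."""
    for net, gw, iface in routes:
        # gw is None marks a directly connected network in this model
        if gw is None and usable_host(gateway, net):
            return routes + [(network, gateway, iface)]
    raise ValueError(f"gateway {gateway} is not a usable host on any connected network")

# Constructed routing table: a default route out WAN (placeholder gateway)
# plus the directly connected STORE network from the thread.
BEFORE = [
    ("0.0.0.0/0", "192.0.2.1", "WAN"),
    ("10.1.0.0/27", None, "STORE"),
]
# The fix from the first post: reach 10.1.0.96/27 (CRIT) through 10.1.0.1 on STORE.
AFTER = add_static_route(BEFORE, "10.1.0.96/27", "10.1.0.1")

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, "-> 10.1.0.99 uses", lookup(table, "10.1.0.99"))
    for candidate in ("10.1.0.0", "10.1.0.1", "10.1.0.30", "10.1.0.31"):
        print(candidate, "usable in 10.1.0.0/27:", usable_host(candidate, "10.1.0.0/27"))
```

In this model, 10.1.0.99 only matches the default route until the 10.1.0.96/27 entry is added, which is the "pfSense doesn't know this network" condition the first post describes.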