Author Topic: Trying to get internet on a new interface other than LAN, getting close  (Read 143 times)

imabev

I have an interface named STORE, its IP is I have internet on that network interface. I have a downstream network CRIT CRIT is connected to STORE through switching; CRIT routes to STORE and I can access resources between CRIT and STORE. I need internet on CRIT.

On the pfsense firewall logs I am seeing a lot of blocks on the STORE interface FROM to an address on the CRIT network I *think* it's because the pfsense doesn't know that I have this downstream network behind STORE. On my switch CRIT is a VLAN. I think I need to tell pfsense this is a good network. How do I tell pfsense this is a good network?

**Edit confirming I don't think pfSense knows how to get to - the switch address on the network.

** EDIT SOLVED! I just needed to type it out. I needed to add a route in pfSense > on the STORE network I create a gateway to the upstream switch knows how to get to so we're all good. It's a pretty specific solution but maybe it will turn on a light for someone.
« Last Edit: November 21, 2017, 10:17:00 am by imabev »

johnpoz

« Reply #1 on: November 23, 2017, 08:13:59 am »
" its IP is"

that is not a valid IP... That is a network address.

.1 to .30 would be valid interface address.. .0 is the wire/network while .31 would be the broadcast.

If you want to use as your transit network that is fine but pfsense interface should be .1 while your downstream would be .2 -- using .0 as host address is not a good idea..

/27 is a pretty large transit - do you have lots of routers on this network?  Or hosts?  With hosts you're going to run into asymmetrical routing problems unless all of them have host routes to to use the downstream router IP as gateway to get to those networks behind it, etc.

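An added example, not part of either post: a small Python check of the two points in this thread, namely that the .0 and .31 addresses of a /27 are not usable interface addresses, and that a downstream network is only known on an interface once a static route points to it via a gateway on that interface's subnet. All addresses, the function names and the route list are constructed for illustration, since the thread's own addresses are not shown.

```python
import ipaddress

def check_interface(addr_with_prefix):
    """Say whether an interface address is usable inside its own subnet."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    net = iface.network
    if net.prefixlen < 31:  # /31 and /32 have no network/broadcast pair
        if iface.ip == net.network_address:
            return "network address"
        if iface.ip == net.broadcast_address:
            return "broadcast address"
    return "usable host"

def usable_range(cidr):
    """First and last assignable host address of a subnet."""
    hosts = list(ipaddress.ip_network(cidr, strict=False).hosts())
    return str(hosts[0]), str(hosts[-1])

def unrouted_sources(interface_cidr, static_routes, sources):
    """Sources seen on an interface that belong neither to its connected
    subnet nor to a static route whose gateway sits on that subnet."""
    connected = ipaddress.ip_interface(interface_cidr).network
    known = [connected]
    for dest, gateway in static_routes:
        # A route is only usable here if its next hop is directly reachable.
        if ipaddress.ip_address(gateway) in connected:
            known.append(ipaddress.ip_network(dest))
    return [s for s in sources
            if not any(ipaddress.ip_address(s) in n for n in known)]

if __name__ == "__main__":
    # Constructed values: a /27 transit with the firewall on .1 and the
    # downstream switch on .2, routing a /24 that stands in for CRIT.
    transit_if = "10.10.20.1/27"
    seen = ["10.10.20.5", "10.10.30.7"]  # constructed log source addresses

    print(check_interface("10.10.20.0/27"))   # what the reply warns against
    print(check_interface(transit_if))
    print(usable_range("10.10.20.0/27"))

    print("before route:", unrouted_sources(transit_if, [], seen))
    routes = [("10.10.30.0/24", "10.10.20.2")]
    print("after route: ", unrouted_sources(transit_if, routes, seen))
```
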