pfSense Gold Subscription

Author Topic: Wan and Lan on same IP range for test lab  (Read 444 times)

0 Members and 1 Guest are viewing this topic.

Offline KOM

  • Hero Member
  • *****
  • Posts: 5497
  • Karma: +680/-23
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #15 on: December 18, 2017, 12:23:40 pm »
Perhaps you guys could help him out without the non-stop mockery and asshatism?  It's crap like this that gets a forum and product a bad name.  It really isn't that hard to help people without the goal of making them look stupid and making sure they realize it.  I normally wouldn't have said anything but you appear to be wallowing in this guy's lack of knowledge.

As for dok, he was a perfect example of weaponized autism.  He was very good at networking, and a total failure at relating to and interacting with people.  I won't miss him for a nanosecond, no matter how smart he was.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9565
  • Karma: +1084/-309
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #16 on: December 18, 2017, 12:47:09 pm »
What concerned me was the initial comment about 'taking over a bit of network infrastructure'. Surely to be in that position it is assumed that you know the basic principles at least.

Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline KOM

  • Hero Member
  • *****
  • Posts: 5497
  • Karma: +680/-23
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #17 on: December 18, 2017, 02:15:34 pm »
Instead of silently smiting me like a coward, perhaps you could use your big-boy voice and explain why I'm wrong?

Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 662
  • Karma: +141/-129
    • View Profile
    • Netgate
Re: Wan and Lan on same IP range for test lab
« Reply #18 on: December 18, 2017, 02:26:21 pm »
As for dok, he was a perfect example of weaponized autism.  He was very good at networking, and a total failure at relating to and interacting with people.  I won't miss him for a nanosecond, no matter how smart he was.

Funny and true.

Instead of silently smiting me like a coward, perhaps you could use your big-boy voice and explain why I'm wrong?

Everyone should chill. Let's all be nice to each other.
Need help fast? Commercial support: https://www.netgate.com/support/

Offline JKnott

  • Hero Member
  • *****
  • Posts: 1076
  • Karma: +43/-6
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #19 on: December 18, 2017, 02:35:18 pm »
Instead of silently smiting me like a coward, perhaps you could use your big-boy voice and explain why I'm wrong?

Well let's start with:
Quote
So I have just taken over a bit of network infrastructure (a couple of servers and such) that needs a bit of TLC and I want to setup a test lab that is an exact replica of a production environment on vsphere, using pfsense as a virtual router to block all network traffic between the two but allowing access to http and https so I can pull in  windows and linux server updates for testing before deploying to production.

When I see something like that, I would expect the person to have at least some understanding of networks.  I then mention a couple of times that you can't have the same addresses on the LAN and WAN sides of a router.  Others said similar.  However the reason for that is the way routers work.  They maintain a list of which was to connect to a given address range.  For home or small office networks, it normally only has to deal with the local network and the default gateway.  Regardless, it still has to know which direction, based on the network address.  So, if he has 172.16.0.0/16 on the WAN side and again on the LAN side, how does the router know which is the proper direction?  The only exception would be where the masks are a different length, because routers rely on longest match.  So, in this case, it might be possible to have 172.16.0.0 /16 on one side and 172.16.x.0 /24 on the other.  In this situation, it says everything 172.16.0.0 /16 on one port, except 172.16.x.0 /24 which is on the other.  This works only because the net mask allows the router to make the distinction.  This also means that any address in the /24 network cannot be on the /16 side.

Bottom line, he can't have the same address ranges on both sides of the router.


Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9565
  • Karma: +1084/-309
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #20 on: December 18, 2017, 02:39:27 pm »
Quote
The only exception would be where the masks are a different length, because routers rely on longest match.  So, in this case, it might be possible to have 172.16.0.0 /16 on one side and 172.16.x.0 /24 on the other.  In this situation, it says everything 172.16.0.0 /16 on one port, except 172.16.x.0 /24 which is on the other.  This works only because the net mask allows the router to make the distinction.  This also means that any address in the /24 network cannot be on the /16 side.
And the subnets would not be able to talk to each other without specific host routes because anything on 172.16.0.0/16 would think 172.16.x.0/24 was same-subnet traffic and would not send it to the router.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline KOM

  • Hero Member
  • *****
  • Posts: 5497
  • Karma: +680/-23
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #21 on: December 18, 2017, 03:22:49 pm »
Quote
Bottom line, he can't have the same address ranges on both sides of the router.

So he deserves endless mockery & grief because he's new at networking and got something basic wrong?  That's what I'm talking about here.  The need to rub someone's face in their mistake and taking pleasure in shaming them by pointing out what a noob they are and how little they know.  What is the point of that behaviour?  I see it on tech forums all the time.  It's petty and counter-productive to growing a community.

And if anyone was about to roll out the Snowflake label, I can roll with the punches myself.  This guy was brand-new and was asking his first question, and he gets jumped on.  I'm not the least bit surprised that he hasn't responded back.

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9565
  • Karma: +1084/-309
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #22 on: December 18, 2017, 03:28:57 pm »
I just got a job as a mechanic in a local shop.

What is the difference between a 7/16" socket wrench and a Phillips head screwdriver?
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

marjohh

  • Guest
Re: Wan and Lan on same IP range for test lab
« Reply #23 on: December 18, 2017, 03:31:50 pm »
It depends, what size Phillips head screwdriver?

Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 662
  • Karma: +141/-129
    • View Profile
    • Netgate
Re: Wan and Lan on same IP range for test lab
« Reply #24 on: December 18, 2017, 03:33:42 pm »
Locking this thread for obvious reasons. If mattie01 comes back, please send me a pm to unlock. Thanks!
Need help fast? Commercial support: https://www.netgate.com/support/