Author Topic: Wan and Lan on same IP range for test lab  (Read 182 times)

Offline mattie01

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Wan and Lan on same IP range for test lab
« on: December 07, 2017, 09:05:08 am »
Hi All,
So I have just taken over a bit of network infrastructure (a couple of servers and such) that needs a bit of TLC and I want to set up a test lab that is an exact replica of a production environment on vSphere, using pfSense as a virtual router to block all network traffic between the two but allowing access to HTTP and HTTPS so I can pull in Windows and Linux server updates for testing before deploying to production.

I've had a quick look around the internet and on the forum, and there are lots of references advising it is easy to do with pfSense, but I haven't had much luck setting it up. I guess I am missing something stupid.


So my normal network is a 172.16.x.x 255.255.0.0 with the default gateway address as 172.16.0.1. If I have the WAN pick up an IP address of say 172.16.252.252 and have the pfSense interface run on 192.168.1.1, I can see the pfSense from an internal machine and can browse the internet (I haven't placed any firewall rules in place to block anything as I wanted to wait until I can get the internal network working on the 172.16.0.x range), but every time I try and set this up I lose all network access to the pfSense from the machines on the inside LAN. I can still access it via vSphere.

Ideally I want the internal LAN address of the pfSense to be 172.16.0.1 so that it mimics my live environment and I don't then need to change the gateway on any of the VMwares I deploy to this test lab.

I believe I have the VMware site set up correctly, with 3 switches: 1 for vSphere management connected to a real NIC, 1 switch for the WAN side of the pfSense VM connected to a different real NIC, and another virtual switch with no real NICs assigned to it which I put all the internal test lab devices on, so the only connection they have to a working NIC is via the vSwitch on the WAN side of pfSense.

Also I should mention there are no VLANs on the network; that is my next project to get sorted, but I wanted a test lab up and running first.

As I said, I am guessing I am missing something, as everything I have read seems to say this is all possible, so if anyone can help on what I am doing wrong that would be great.

Thanks for taking a look.


Offline JKnott

  • Hero Member
  • *****
  • Posts: 984
  • Karma: +36/-4
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #1 on: December 07, 2017, 09:42:17 am »
You cannot have the same network address on both sides of a router.  It won't know which way to forward a packet.

Offline mattie01

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #2 on: December 15, 2017, 09:27:54 am »
Would it be something I could do, if I could set up an additional range of IP addresses on my normal network to be something like 172.16.240.x as well as 172.16.0.x and then have the 172.16.240.x address assigned as the outside gateway of the virtual pfSense, then use the 172.16.0.1 as the inside interface of the pfSense?

Offline JKnott

  • Hero Member
  • *****
  • Posts: 984
  • Karma: +36/-4
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #3 on: December 15, 2017, 09:38:37 am »
Quote
Would it be something I could do, if I could set up an additional range of IP addresses on my normal network to be something like 172.16.240.x as well as 172.16.0.x and then have the 172.16.240.x address assigned as the outside gateway of the virtual pfSense, then use the 172.16.0.1 as the inside interface of the pfSense?

You cannot have 176.16.240.x on both interfaces.  They must be different.  You could have 172.16.240.x on the WAN and 172.16.0.x on the LAN.

Once again, you cannot have the same address range on both sides of a router.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #4 on: December 16, 2017, 03:20:12 am »
/16 Why??  That would be the first thing I would freaking fix on some network I took over..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #5 on: December 16, 2017, 04:47:26 am »
Quote
So I have just taken over a bit of network infrastructure (a couple of servers and such) that needs a bit of TLC

I would start off by studying how networks operate first. Trying to put both LAN and WAN on the same address range shows a basic lack of understanding.

Frightening...
pfSense 2.4.3 on Qotom Q355G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.
Please do not PM me for help. I have a life to live too.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 14479
  • Karma: +1342/-200
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #6 on: December 16, 2017, 07:41:05 am »
heheh marjohn56... I wanted to say the same thing.. But trying to be nicer and less blunt.. But that did get you an applaud from me.. And made me smile. Thanks!

Offline marjohn56

  • Sr. Member
  • ****
  • Posts: 546
  • Karma: +53/-2
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #7 on: December 16, 2017, 07:56:39 am »
Yes, I miss the Doc.... Occasionally it needs to be said the way it is.

Offline jahonix

  • Hero Member
  • *****
  • Posts: 2444
  • Karma: +146/-14
  • volunteer since 2006
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #8 on: December 16, 2017, 08:47:40 am »
Only very few don't and I'm not one of them.
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Offline jahonix

  • Hero Member
  • *****
  • Posts: 2444
  • Karma: +146/-14
  • volunteer since 2006
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #9 on: December 16, 2017, 08:52:24 am »
Quote
You could have 172.16.240.x on the WAN and 172.16.0.x on the LAN.

No, he cannot!
His network is defined as 172.16.0.0 /16. They would still be on the same broadcast domain unless he'd change the network size to something smaller and not overlapping.
Chris

Offline JKnott

  • Hero Member
  • *****
  • Posts: 984
  • Karma: +36/-4
    • View Profile
Re: Wan and Lan on same IP range for test lab
« Reply #10 on: December 16, 2017, 01:49:04 pm »
Quote
Quote
You could have 172.16.240.x on the WAN and 172.16.0.x on the LAN.
No, he cannot!
His network is defined as 172.16.0.0 /16. They would still be on the same broadcast domain unless he'd change the network size to something smaller and not overlapping.

I believe that /16 came from the part where he was talking about 172.16.x.x, implying a /16.  I referred to 172.16.0.x and 172.16.240.x, both of which imply /24 and would work fine.
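
Added example, not part of any post in this thread: a check of the addressing plans discussed above using Python's `ipaddress` module, showing which WAN/LAN combinations overlap and which interfaces would treat a lab host as directly connected. The WAN host address 172.16.240.2, the lab host 172.16.0.10 and the plan labels are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing plans taken from the thread. The WAN host address 172.16.240.2
# is a constructed sample; the thread only gives "172.16.240.x".
PLANS = {
    "same /16 on both sides": {"WAN": "172.16.252.252/16", "LAN": "172.16.0.1/16"},
    "LAN moved to 192.168.1.0/24": {"WAN": "172.16.252.252/16", "LAN": "192.168.1.1/24"},
    "two /24s": {"WAN": "172.16.240.2/24", "LAN": "172.16.0.1/24"},
    "WAN still /16, LAN /24": {"WAN": "172.16.240.2/16", "LAN": "172.16.0.1/24"},
}

def connected_networks(plan):
    """Map interface name -> the network implied by its address and mask."""
    return {name: ipaddress.ip_interface(cidr).network for name, cidr in plan.items()}

def overlapping_pairs(plan):
    """Interface pairs whose connected networks share at least one address."""
    nets = connected_networks(plan)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def on_link_interfaces(plan, dest):
    """Interfaces that would treat dest as directly connected (no gateway)."""
    addr = ipaddress.ip_address(dest)
    return sorted(n for n, net in connected_networks(plan).items() if addr in net)

if __name__ == "__main__":
    for label, plan in PLANS.items():
        clash = overlapping_pairs(plan)
        # 172.16.0.10 stands in for a server that exists in production and
        # is cloned into the lab with the same address (constructed sample).
        where = on_link_interfaces(plan, "172.16.0.10")
        print(f"{label:30} overlap={bool(clash)!s:5} 172.16.0.10 on-link via {where}")
```

A plan is only usable when `overlapping_pairs` returns an empty list; the mask on each interface, not just the third octet, decides that.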