Netgate SG-1000 microFirewall

Author Topic: Cross subnet access problem  (Read 123 times)

0 Members and 1 Guest are viewing this topic.

Offline svarto

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Cross subnet access problem
« on: February 13, 2018, 03:29:28 pm »
Hello all,

Apologies for a probably (and hopefully) a beginners question to pfsense.

I have problem accessing another subnet (e.g. 172.16.0.0) when I am in the other subnet (e.g. 10.0.0.0). I have tried almost everything, opened up firewalls, clicking on and off options, that I finally just thought I would post on the forum to hope someone can help me.

The weird thing is that, independent which subnet I am connected to, I can always get to the pfsense webgui (i.e. on 172.16.0.1 when I am on 10.0.0.0 and vice versa works!).

I have attached the following:
  • Network map
  • Hypervisor (Proxmox) NIC setup
  • pfSense NICs
  • pfSense LAN and OPT1 settings
  • pfSense reserved networks unchecked

Additional information is that I have 6 NICs, two built into the motherboard and then 4 on a separate PCI express Intel card. Pfsense is virtualized on proxmox and that is how I have these Virtio NICs.

My problems:
  • I cannot connect from one subnet to the other
  • Within subnet 10.0.0.0, proxmox interface is not available on 10.0.0.3, however it is available when I am in subnet 172.16.0.0 (the TP-Link in bridge mode) - very weird

I am really grateful for your help!!
« Last Edit: February 13, 2018, 11:30:54 pm by svarto »

Offline marvosa

  • Hero Member
  • *****
  • Posts: 776
  • Karma: +42/-0
    • View Profile
Re: Cross subnet access problem
« Reply #1 on: February 13, 2018, 04:22:05 pm »
We will need a network map to offer any targeted troubleshooting, but I suspect you have a networking issue.

What you should have is each NIC connected to a separate vSwitch and then physically connected to either separate unmanaged switches or connected to a managed switch configured with VLAN's.

If you have your NIC's connected to the same switch (either physically or virtually), it's not going to work.
« Last Edit: February 14, 2018, 06:41:44 am by marvosa »

Offline svarto

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Cross subnet access problem
« Reply #2 on: February 13, 2018, 11:28:08 pm »
Hi Marvosa,

Thank you very much for helping out, I added a network map - please let me know if this makes sense now or if you need more information.

Offline svarto

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Cross subnet access problem
« Reply #3 on: February 14, 2018, 01:16:33 am »
I actually solved it!

I did plenty of steps, but in the end it worked out, I order them by relevance to this topic:

Now I will start playing around with the Firewalls  :)