I think I've moved this on some.
What I did was avoid the subnet issues which I was clearly running into (and not fully understanding); I opted to use a 172.10.x.x/16 private range for the 2nd LAN.
I entered the rules as per DarkFoon (Thank you).
Using the rules as suggested is preventing LAN2 access to LAN while allowing Internet access.
LAN does not yet seem to have LAN2 access though, in terms of no pings and no WINS access, which I was hoping for one way (LAN to LAN2 only), but perhaps that is just not going to happen in this dual LAN setup?
Any further guidance would be appreciated please.
Kind regards
David

----- Original Message ----- 
From: "Tortise" <tort...@paradise.net.nz>
To: <discussion@pfsense.com>
Sent: Saturday, February 28, 2009 8:17 PM
Subject: Re: [pfSense-discussion] WAN LAN1 and LAN2 (OPT1)


Hi Adrian

Thank you so much for your response.

I think those numbers do have something to do with it, as when I enable OPT1 I lose the webserver's access and have to reset to a default and start over....  (I hate that!)

I have since tried configuring as:
LAN1: 10.aaa.bbb.ccc/8
LAN2: 10.(aaa+1).bbb.ccc/9

I presume I have still got it wrong.

I want to keep LAN1's IP numbers as they are, as there are a number of Static DHCP assignments all set. For LAN2 I don't really care what this is, and I can't imagine needing more than 20 addresses on LAN2, which may be relevant.  Can you suggest further?  (Of course they can be changed if necessary....)

Also I assume I will need to do some LAN2 rules to 1) give access to the Internet and LAN1 rules to gain access to LAN2, however the devil may be lying in the detail to do that...

Still as you say we need to get LAN2 working for a start.

Kind regards
David
----- Original Message ----- 
From: "Adrian Wenzel" <adr...@lostland.net>
To: <discussion@pfsense.com>
Sent: Saturday, February 28, 2009 7:05 PM
Subject: Re: [pfSense-discussion] WAN LAN1 and LAN2 (OPT1)



Hello,

   So, it seems you are configuring as such:

LAN1: 10.aaa.bbb.ccc/8

LAN2: 10.xxx.yyy.zzz/8

This is not right, since /8 means a netmask of 255.0.0.0, making the network portion of each subnet only the first octet... thus the same subnet.  Two devices configured with the same subnet, and on two different physical networks, will not work.

You should try a netmask of 255.128.0.0, or /9 (assuming you really need all those IPs on each network).  That will correctly differentiate the subnets and allow routing to occur ;)

We can get into separating your LANs to disallow your desired access after this is working.

Thanks,
Adrian
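
Added example (not part of the original thread): a Python check, using the standard `ipaddress` module, of the overlap described above. The octets and function names are constructed, since the thread elides the real addresses; it goes slightly beyond the thread by also covering a /8 mixed with a /9, sizing a subnet for 20 hosts, and testing whether a range falls inside the RFC 1918 private blocks.

```python
import ipaddress
from itertools import combinations

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def connected_network(cidr):
    """Network an interface is attached to, given 'address/prefix' as entered."""
    return ipaddress.ip_interface(cidr).network

def overlapping_pairs(interfaces):
    """Return (name, name) pairs whose connected networks overlap."""
    nets = {name: connected_network(cidr) for name, cidr in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def is_rfc1918(cidr):
    """True if the whole connected network sits inside an RFC 1918 block."""
    net = connected_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix that still leaves `hosts` usable addresses."""
    for prefix in range(30, 7, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:  # minus network and broadcast
            return prefix
    raise ValueError("too many hosts for one private IPv4 block")

# Constructed layouts (assumed octets, not the poster's real addressing).
LAYOUTS = {
    "both /8":            {"LAN1": "10.20.0.1/8", "LAN2": "10.200.0.1/8"},
    "/8 with /9":         {"LAN1": "10.20.0.1/8", "LAN2": "10.21.0.1/9"},
    "both /9, same half": {"LAN1": "10.20.0.1/9", "LAN2": "10.21.0.1/9"},
    "both /9, split":     {"LAN1": "10.20.0.1/9", "LAN2": "10.200.0.1/9"},
    "LAN1 /8, LAN2 /27":  {"LAN1": "10.20.0.1/8", "LAN2": "192.168.50.1/27"},
}

if __name__ == "__main__":
    for label, ifaces in LAYOUTS.items():
        clash = overlapping_pairs(ifaces)
        print(f"{label:20} -> {'OVERLAP ' + str(clash) if clash else 'ok'}")
    print("prefix for 20 hosts: /%d" % prefix_for_hosts(20))
    for cidr in ("172.10.0.1/16", "172.16.0.1/16"):
        print(cidr, "inside RFC 1918:", is_rfc1918(cidr))
```

Two /9 networks only separate when their second octets fall on opposite sides of 128, and a LAN1 left at /8 overlaps any other subnet taken from 10.0.0.0/8.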


----- Original Message -----
From: "Tortise" <tort...@paradise.net.nz>
To: discussion@pfsense.com
Sent: Saturday, February 28, 2009 12:05:17 AM GMT -05:00 US/Canada Eastern
Subject: [pfSense-discussion] WAN LAN1 and LAN2 (OPT1)

Hi

I have been trying to set up a WAN and two LANs.  (3 NICs)

I want LAN1 to be able to access LAN2 but not the other way around.  The idea is that LAN1 is less public than LAN2.

i.e. visitors can connect to the "Public" LAN2 and browse the Internet etc. while not having any access to LAN1.

LAN2 will have a LAN printer on it, as an example, which can receive print jobs from both LAN1 and LAN2.

WAN is a static IP to Cable.

LAN1 is using 10.xxx.yyy.zzz 8 and OPT was intended to use 10.aaa.bbb.ccc 8, however enabling this seems to make it all fall over, i.e. I lose Internet connection from LAN, things become unresponsive.

As an aside I tried editing /conf/config.xml, however it would not save from the terminal window. Does one have rights to edit the config there?  I was using the ee editor.

Has anyone done this sort of thing and what am I missing to get it working?

In anticipation many thanks indeed.

Kind regards
David



---------------------------------------------------------------------
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org 

