[pfSense Support] multi gateway LAN routing
When setting up a pfS on a lan w/ a default gateway already installed, I would think that you would want to add a static route entry to point the LAN subnet to the OTHER (fwall) default router.

EXAMPLE: I have an existing LAN w/ a working GW/FW and I have installed a pfS box for the sole purpose of connecting another SOHO VPN (LAN segment) connection onto the LAN.

|--fwall--/DHCP IP/--{INTERNET}--\DHCP IP\--fwall--|
|                                                  |-SOHOLAN 192.168.10/24
|--pfS--/static IP/--{VPN2SOHO}--\static IP\--pfS--|
|
|--LOCALLAN 192.168.1.0/24 segment--[other hosts]

I have done this many times before with earlier versions of pfS and m0n0, in the sense that I can SIMPLY add a route on the fwall that points to the pfS for the remote LAN segment. The default for each local NET is the fwall by virtue of the DHCP addresses being handed out by the fwall on each LAN NET. I then add static routes on each pfSense box to say that the local LAN segment in each site is served by the fwall and NOT pfSense. So the traffic from all LAN hosts on each net would go to the firewall for internet (default) traffic and to the pfSense box for accessing the tunneled LAN subnet addresses.

I hope that you can all understand what it is I'm trying to accomplish, eg: I DO NOT want to (CAN NOT) remove the working firewalls from the 2 networks, and simply want the networks to be able to talk over a secure VPN tunnel.

SOME MORE BACKGROUND:

LOCALLAN:
pfSense IP: 192.168.1.222/24
fwall IP: 192.168.1.1/24
pfS staticroute: LAN192.168.1.0/24 via 192.168.1.1/24

SOHOLAN:
pfSense IP: 192.168.10.222/24
fwall IP: 192.168.10.1/24
pfS staticroute: LAN192.168.10.0/24 via 192.168.10.1/24

P.S. - both pfS boxes are multihomed, but just the LAN WAN (fxp0 fxp1) interfaces are configured.

THE PROBLEM: When I add a static route to pfS it goes into a frenzy and is unreachable and itself is blind to the LAN segment. I get errors when trying to reboot the LOCALLAN pfSense on the console like:

arplookup:192.168.1.1 failed: host is not on local network
arpresolve:can't allocate route for 192.168.1.1

I hope this isn't too confusing ... I'd be glad to answer any further questions.

Seems to me that routing is broken in pfSense as this works fine w/ FreeBSD6 stable. I've seen this behavior since the jump to 6 stable, but it seems that routing on vanilla FreeBSD6 is working with the above config. At a loss.

--
David L. Strout
Engineering Systems Plus, LLC

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
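The static routes listed in the post above have, as their destination, the same /24 that the pfSense LAN interface is already attached to. As an added example (not part of the original thread and not pfSense code), the check below classifies a static route against the interface's directly connected network; the function names and verdict labels are hypothetical, and the sample rows are constructed from the addresses given in the post.

```python
import ipaddress


def classify_route(lan_if, dest, via):
    """Classify one static route against the box's own LAN interface.

    lan_if: interface address with prefix, e.g. "192.168.1.222/24"
    dest:   route destination network, e.g. "192.168.10.0/24"
    via:    gateway address, with or without a prefix
    """
    connected = ipaddress.ip_interface(lan_if).network
    net = ipaddress.ip_network(dest, strict=False)
    # The post writes gateways with a prefix ("via 192.168.1.1/24");
    # only the host part is a valid next hop.
    gateway = ipaddress.ip_interface(via).ip

    if net == connected:
        # Destination is the subnet the interface already sits on.
        return "duplicates-connected"
    if net.overlaps(connected):
        # A wider or narrower prefix that still covers on-link hosts.
        return "overlaps-connected"
    if gateway not in connected:
        # Next hop cannot be reached directly on this interface.
        return "gateway-off-link"
    return "ok"


# Constructed from the addresses in the post: (label, interface, destination, gateway).
ROUTES = [
    ("LOCALLAN pfS", "192.168.1.222/24", "192.168.1.0/24", "192.168.1.1/24"),
    ("SOHOLAN pfS", "192.168.10.222/24", "192.168.10.0/24", "192.168.10.1/24"),
    # The route the post describes adding on the existing firewall instead:
    ("LOCALLAN fwall", "192.168.1.1/24", "192.168.10.0/24", "192.168.1.222"),
]


def audit(routes=ROUTES):
    """Return {label: verdict} for every route row."""
    return {name: classify_route(i, d, v) for name, i, d, v in routes}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:15s} {verdict}")
```
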
Re: [pfSense Support] multi gateway LAN routing
You might try changing how Outlook sends attachments. winmail.dat doesn't help most people :)

--Bill

On 12/3/05, DLStrout [EMAIL PROTECTED] wrote:
Hope this gif image is a better rep of what I was trying to convey ...

-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 03, 2005 7:57 AM
To: support@pfsense.com
Subject: [pfSense Support] multi gateway LAN routing
Re: [pfSense Support] multi gateway LAN routing
post your config?

At 10:17 AM 12/3/2005, you wrote:
You might try changing how Outlook sends attachments. winmail.dat doesn't help most people :)
--Bill