RE: [pfSense Support] multi gateway LAN routing

2005-12-03 Thread DLStrout

Hope this gif image is a better rep of what I was trying to convey ...

-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 03, 2005 7:57 AM
To: support@pfsense.com
Subject: [pfSense Support] multi gateway LAN routing

When setting up a pfS on a lan w/ a default
gateway already installed, I would think that you
would want to add a "static route" entry to point
the LAN subnet to the "OTHER" (fwall) default
router.

EXAMPLE:
I have an existing LAN w/ a working GW/FW and I
have installed a pfS box for the sole purpose of
connecting another SOHO VPN (LAN segment)
connection onto the LAN.



I have done this many times before with earlier
versions of pfS and m0n0, in the sense that I can
SIMPLY add a route on the fwall that points to
the pfS for the remote LAN segment. The default for
each local NET is the fwall by virtue of the DHCP
addresses being handed out by the fwall on each
LAN NET. I then add static routes on each pfSense
box to say that the local LAN segment in each site
is served by "the fwall" and NOT pfSense.

So the traffic from all LAN hosts on each net
would go to the firewall for internet (default)
traffic and to the pfSense box for accessing the
tunneled LAN subnet addresses.

I hope that you can all understand what it is I'm
trying to accomplish, eg: I DO NOT want to (CAN
NOT) remove the working firewalls from the 2
networks, and simply want the networks to be able
to talk over a secure VPN tunnel.

SOME MORE BACKGROUND:
LOCALLAN:
pfSense IP: 192.168.1.222/24
fwall IP: 192.168.1.1/24
pfS staticroute: LAN<>192.168.1.0/24 via
192.168.1.1/24
SOHOLAN:
pfSense IP: 192.168.10.222/24
fwall IP: 192.168.10.1/24
pfS staticroute: LAN<>192.168.10.0/24 via
192.168.10.1/24

P.S. - both pfS boxes are multihomed, but just the
LAN & WAN (fxp0 & fxp1) interfaces are configured.

THE PROBLEM:
When I add a static route to pfS it goes into a
frenzy and is unreachable and itself is blind to
the LAN segment.

I get errors when trying to reboot the LOCALLAN
pfSense on the console like:
"arplookup:192.168.1.1 failed: host is not on
local network"
"arpresolve:can't allocate route for 192.168.1.1"

I hope this isn't too confusing ... I'd be glad to
answer any further questions.

Seems to me that routing is broken in pfSense as
this works fine w/ FreeBSD6 stable.  I've seen this
behavior since the jump to 6 stable, but it seems
that routing on vanilla FreeBSD6 is working with
the above config ... at a loss.

--
David L. Strout
Engineering Systems Plus, LLC
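
An added example, not part of the original thread: a Python check that flags static routes whose destination overlaps the subnet the LAN interface is already directly connected to, run against the LOCALLAN and SOHOLAN values from the post. The function name and finding strings are hypothetical, and the fwall-side route is constructed from the post's description of routing the remote LAN segment via pfS.

```python
import ipaddress

# Values copied from the post: pfSense LAN address and the static route added on it.
PFSENSE_SITES = {
    "LOCALLAN": ("192.168.1.222/24", [("192.168.1.0/24", "192.168.1.1")]),
    "SOHOLAN": ("192.168.10.222/24", [("192.168.10.0/24", "192.168.10.1")]),
}
# Constructed from the post's description: the fwall routes the remote
# LAN segment to the local pfS box.
FWALL_LOCALLAN = ("192.168.1.1/24", [("192.168.10.0/24", "192.168.1.222")])


def check_static_routes(lan_if, routes):
    """Return (destination, gateway, problem) tuples for questionable routes."""
    iface = ipaddress.ip_interface(lan_if)
    connected = iface.network  # prefix the interface already reaches directly
    findings = []
    for dest, gw in routes:
        dest_net = ipaddress.ip_network(dest, strict=False)
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in connected:
            # A next hop must be reachable on a directly attached subnet.
            findings.append((dest, gw, "gateway not on connected subnet"))
        if dest_net.overlaps(connected):
            # The interface address already provides a route for this prefix.
            findings.append((dest, gw, "destination overlaps connected subnet"))
        if gw_ip in dest_net:
            # Reaching the gateway would require the very route being added.
            findings.append((dest, gw, "gateway lies inside routed destination"))
    return findings


def audit(sites):
    """Map each site name to the findings for its static routes."""
    return {name: check_static_routes(lan_if, routes)
            for name, (lan_if, routes) in sites.items()}


if __name__ == "__main__":
    for site, findings in audit(PFSENSE_SITES).items():
        for dest, gw, problem in findings:
            print(f"{site}: {dest} via {gw}: {problem}")
    print("fwall LOCALLAN:", check_static_routes(*FWALL_LOCALLAN) or "no findings")
```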





Re: [pfSense Support] multi gateway LAN routing

2005-12-03 Thread Bill Marquette
You might try changing how Outlook sends attachments.  winmail.dat
doesn't help most people :)

--Bill




Re: [pfSense Support] multi gateway LAN routing

2005-12-03 Thread Dan Swartzendruber


post your config?
