Hi! I have a problem with pfSense & static routing. Here is my setup:

1 HP 2650 switch (no routing)
1 HP 2910al (L3 Switching / Routing)
1 pfSense PC

Physically
==========
HP 2910AL <--> HP 2550 <--> pfSense <--> Internet

Logically (Routing)
===================
2910AL <--> Default VLAN <--> pfSense <--> Internet
VLAN2 <--> 2910AL
VLAN3 <--> 2910AL

Default VLAN: 192.168.0.0/24
  2910AL = 192.168.0.11
  pfSense = 192.168.0.222
VLAN 2: 192.168.2.0/24
  2910AL = 192.168.2.1
VLAN 3: 192.168.3.0/24
  2910AL = 192.168.3.1

DHCP scopes are configured on our DHCP server for all VLANs. It works well.

Static routes on pfSense:
  interface LAN  Destination network: 192.168.2.0/24  Gateway: 192.168.0.11
  interface LAN  Destination network: 192.168.3.0/24  Gateway: 192.168.0.11

I use manual outbound NAT. There are no firewall rules on the VLAN interface (well, everything is permitted for now!).

The 2910AL has the pfSense box's address (192.168.0.222) as default gateway.

The pfSense box is plugged into the 2650 on the default VLAN, where the majority of the PCs / servers we own are plugged in now. I have a couple of PCs / servers on the 2910AL too (default VLAN). I just added 2 new VLANs, and now the 2650 and the 2910al are connected by a trunk (802.1Q). The 2 new VLANs are known by both switches.

I configured a "VLAN 3" port on the 2910al and defined an ip-helper address on the 2910al switch. It works as expected (for DHCP and ping). I plugged a DHCP PC into a VLAN3 port on the 2910al and I got my address, DNS and router (192.168.3.1, the 2910al addr.). I can ping any server/PC on the default VLAN (192.168.0.xxx/24) from my PC (192.168.3.40). I can't connect to our terminal server (192.168.0.2) or access the Internet.

PCs on the default VLAN (192.168.0.xxx/24) are able to open an FTP session to my PC (192.168.3.40), but I see that pfSense replaces their source address with its own address (192.168.0.222) because of the userland FTP proxy.

If I define a manual route to 192.168.3.0/24 on my server on the default VLAN (192.168.0.2) which points to the 2910AL's address (192.168.0.11), everything works as expected: I can open a terminal session from my PC (192.168.3.40 --> 192.168.0.2).

It is like pfSense does something weird when it has to handle half of an IP connection:

Initiate: PC VLAN3 (192.168.3.40) --> 2910AL --> Server (192.168.0.2)
Response: Server (192.168.0.2) --> pfSense --> 2910AL (192.168.0.11) --> PC VLAN3

I'm quite a bit lost on this. Hope my explanation of the problem is clear.

Thanks in advance.
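
Added example, not part of the original post: a small hop-by-hop route lookup over the tables described above, showing that the request and the reply take different paths and that the manual route on the server makes them symmetric. Node names and the table layout are constructed for illustration, and the server's default gateway being pfSense is an assumption taken from the "Response" path in the post.

```python
import copy
import ipaddress

# Constructed from the addresses in the post. Assumption: the server's default
# gateway is pfSense, as the poster's "Response" path implies.
TOPOLOGY = {
    "pc-vlan3": {"ifaces": ["192.168.3.40/24"], "routes": {"0.0.0.0/0": "192.168.3.1"}},
    "2910al": {"ifaces": ["192.168.0.11/24", "192.168.2.1/24", "192.168.3.1/24"],
               "routes": {"0.0.0.0/0": "192.168.0.222"}},
    "pfsense": {"ifaces": ["192.168.0.222/24"],
                "routes": {"192.168.2.0/24": "192.168.0.11", "192.168.3.0/24": "192.168.0.11"}},
    "server": {"ifaces": ["192.168.0.2/24"], "routes": {"0.0.0.0/0": "192.168.0.222"}},
}

def owner(topo, ip):
    """Name of the node that has `ip` configured on one of its interfaces."""
    for name, node in topo.items():
        if any(str(ipaddress.ip_interface(i).ip) == ip for i in node["ifaces"]):
            return name
    raise LookupError(f"no node owns {ip}")

def path(topo, src, dst_ip, max_hops=8):
    """Hop-by-hop path from node `src` to `dst_ip`, using each node's own table."""
    dst, hops = ipaddress.ip_address(dst_ip), [src]
    while owner(topo, dst_ip) != hops[-1]:
        if len(hops) > max_hops:
            raise RuntimeError("routing loop")
        node = topo[hops[-1]]
        if any(dst in ipaddress.ip_interface(i).network for i in node["ifaces"]):
            hops.append(owner(topo, dst_ip))  # destination is on a connected subnet
            continue
        matches = [(ipaddress.ip_network(n), gw) for n, gw in node["routes"].items()
                   if dst in ipaddress.ip_network(n)]
        gateway = max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins
        hops.append(owner(topo, gateway))
    return hops

def with_server_route(topo):
    """Copy of the topology with the manual route the poster added on the server."""
    fixed = copy.deepcopy(topo)
    fixed["server"]["routes"]["192.168.3.0/24"] = "192.168.0.11"
    return fixed

if __name__ == "__main__":
    for label, topo in (("as posted", TOPOLOGY),
                        ("manual route on server", with_server_route(TOPOLOGY))):
        print(label)
        print("  request:", " -> ".join(path(topo, "pc-vlan3", "192.168.0.2")))
        print("  reply:  ", " -> ".join(path(topo, "server", "192.168.3.40")))
```
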