Guy Boisvert wrote:
Chris Buechler wrote:
On Fri, Aug 28, 2009 at 2:28 PM, Guy Boisvert <boisvert....@videotron.ca> wrote:

There are no "firewall rules" on VLAN3.  This is simple routing with the
2910AL (Layer 3) that simply forwards traffic to its default gateway which is
pfSense on VLAN0.


Oh, the VLANs are being routed by something else. Then you just need
the static route(s) on LAN, and to change the LAN rule which only
allows out the LAN subnet by default. That's assuming you're using
automatic outbound NAT; if you have AON enabled you need NAT rules for
those subnets too.

Sorry for this response "out of thread", I never received your response above so I took it from "mail-archive.com" and pasted it here.

Yes, LANs 192.168.3.0/24 and 192.168.2.0/24 are routed by a Layer 3 Switch (HP 2910al L3 Switch) which is connected to pfSense LAN interface. 2910AL is 192.168.0.11 and pfSense is 192.168.0.222. Default gateway of the 2910AL is 192.168.0.222 of course.


It still doesn't work and I don't know why!  I'm mystified!

Effectively, I use Manual Outbound NAT (MON). I have the following rule for MON:
------------------------
Interface: WAN
Source: Network
Address: 192.168.3.0/24
Destination: Any
Translation: Interface Address



As I previously said, firewall rule for LAN interface is wide open ("all stars"!!!).


For static route, I have:
-------------------------
Interface: LAN
Destination Network: 192.168.3.0/24
Gateway: 192.168.0.11 (2910al's interface addr on LAN)


Ping from 192.168.3.40 (My Test PC on VLAN3) to 192.168.0.222 (pfSense) and 192.168.0.1 (Our file server) all work.

I can connect to our terminal server from my PC. Only Internet is failing. With the above settings, I don't know what is blocking the traffic to the internet... I use pfSense 1.2.2 build Thu Jan 8 22:30:24 EST 2009 on a PC with hard drive.


If anybody had an idea, let me know!!!  Thanks!


Guy Boisvert


From 192.168.3.40 can you ping 64.233.169.104, if not what does tracert -d 64.233.169.104 show (this is MS Windows variant of traceroute tool)?
Can you do the same from pfSense itself?

Eugene.

