On 2010/12/10 13:56, Evgeny Yurchenko wrote:
On 10-12-09 11:54 PM, Maik Heinelt wrote:Ok then, if pfSense does not have 192.168.11.0/24 at all then just create static route on pfSense. 192.168.11.0/24 route via 192.168.144.112 and enable option Chris mentioned. Should work.On 2010/12/10 13:26, Evgeny Yurchenko wrote:On 10-12-09 11:07 PM, Maik Heinelt wrote:pfSense is our internet router (192.168.144.10)The L3 switch in between the 2 networks A. and B. is configured to send all request for network A (192.168.144.0) to the pfsense router.Before we used pfSense, we had a working CentreCom Router. Maik .................................................................. Heinelt Maik | Software Developer ハイネルト マイク 愛知県一宮市富士2-2-22 株式会社 ベガシステムズ TEL: 0586-71-3903 FAX: 0586-71-4071 http://www.vegasystems.com Skype ID: daliose ..................................................................DISCLAIMER: This information is confidential and is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, please disregard and destroy this email and its content. Thank youOn 2010/12/10 13:04, Evgeny Yurchenko wrote:On 10-12-09 11:01 PM, Maik Heinelt wrote:Sorry for the confusion. We have L3 switch between network A and B.This switch has the IP 192.168.144.112 in network A and the IP 192.168.11.1 in network B. Any request for network B (192.168.11.0) from 192.168.144.0 network is routed to 192.168.144.112.I can reach from A network to B network, but not backward. MaikAnd where is pfSense here?please do not top-post. So, we haveNetwork A -----------------192.168.144.112 switch 192.168.11.1 -------------- Network B 192.168.144.0/24 | | 192.168.11.0/24 | | \-192.168.144.10 pfsense 192.168.11.x-/ and hosts from A forward packets to pfSense when send to B while hosts from B always forward packets to the switch.Right?Ideal solution is to get rid of asymmetric routing, if you want to filter traffic just make hosts in B to use pfSense when sending to A. If it is not possible then what Chris proposed does not work because pfSense has network B on one of its interfaces, thus you can't create static route to Network B.Try in the rule allowing A to B set StateType to None.You are almost right with our network configuration.Network A 192.168.144.0/24 is using pfsense on 192.168.144.10 as internet router. Network B 192.168.11.0/24 is using it's own router for internet connection. Only in case of requests to network A from B it will use the L3 switch in between the both networks. So all clients in network B are using the 192.168.11.xx internet router as gateway.So it isn't possible to use pfsense in network B as default.If I set the rule allowing A to B with settings StateType to None, I cannot connect to network B (192.168.11.0/24) at all.MaikEvgeny.
Static route is set: Interface Network Gateway LAN 192.168.11.0/32 192.168.144.112Static route filtering: *Bypass firewall rules for traffic on the same interface* is checked. But if I try to reach an 192.168.144.0/24 IP from 192.168.11.0/24 network, I cannot. connect.
From 144.0 network to 11.0 works very well. Maik
<<attachment: maik.vcf>>
--------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
