Kim,

Each of those devices does "NAT" and doesn't by default allow ping from the WAN address into one of its respective LAN addresses.

I'm guessing you want "everything" inside your house to be connecting to one another and to the internet, but the internet access should be handled/firewalled by your pfsense box.


I suggest you try connecting each of your devices up like so:

Internet - pfsense WAN port

pfsense LAN port to - DI-624-LAN port

DI-624 LAN port to - WRT54G LAN port


The idea here is to eliminate NAT and FW functions from the two boxes you have (the 624 and wrt54g) since you already have that working on the pfsense box.

You'll need to disable DHCP on both the 624 and 54G boxes as well. Let pfsense handle those. Nothing should be plugged into the WAN port on either the 624 or the 54G.


What does all that do?

Lets you use the 624 as a plain old Ethernet switch, and the 54G as a wireless access point. You can then use any of the LAN ports on either device as access to your pfsense LAN as well. Makes things a lot simpler.


My own setup at home looks a bit like that, except I have an additional (opt1) interface on my pfsense box, that I connect to one of the LAN ports on a similar netgear (cheapo) 802.11g box.

Hope that helps.

Cheers,
andy


Ben Browning wrote:
I'm going to assume you had a typo in your description, and that the
WAN IP address of the WRT54G is not identical to the LAN IP address of
the D-Link. With that assumption:

The D-Link needs to pass a default gateway to all devices connected to
its LAN side of 192.168.0.200. The WRT54G needs to pass a default
gateway to all devices connected to its LAN side of 10.0.0.1. The
pfSense box needs to give all devices connected to its LAN side a
default gateway of whatever the pfSense WAN IP address is.

Now, you'll also need two static routes on the pfSense box. One for
destination 10.0.0.0, netmask 255.0.0.0, and gateway 192.168.0.200.
The other for destination 192.168.10.0, netmask 255.255.255.0, and
gateway 10.0.0.1 (or whatever the correct WAN IP of your WRT54G is).

On the D-Link, you'll need a static route for destination
192.168.10.1, netmask 255.255.255.0, gateway 10.0.0.1 (again whatever
the correct WAN IP of the WRT54G).

On the WRT54G and the D-Link make sure NAT is turned off. This setup
should allow any computer inside your network to ping any other
computer inside the network.

As for the virtual interface, I'm not sure why this would even be
needed in this situation. Remove it and try the above-mentioned static
routes and see if it works.

Ben
