I'm not entirely sure how you had this working with your old firewall - I would think it would have the same issue.
The best thing for you to do would be to separate the two LANs. You probably don't need to change any cabling because most server network cards let you set a default VLAN to use. (If you have Windows servers, you either need a managed switch or network cards with drivers that support setting a VLAN. For Linux servers, this should because doable with any network card. Most server-grade network cards have support for setting a VLAN from the Properties screen of the adapter in Device Manager.) Moshe On Mar 29, 2017 6:55 AM, "Claudio M." <[email protected]> wrote: > Hi > I've migrated a linux firewall to a 2.3.3-RELEASE-p1 pfsense. > The old configuration was with 2 interfaces connected to adsl routers and > an > interface for the lan. Was configurated also a GRE VPN with an alias IP on > this > LAN network so on the same LAN coexisted two networks > 192.168.1.0/24 > 10.7.13.0/24 > where the first was for all desktop clients and the seconds for the > servers. A > server have a interface on the LAN with Ip 10.7.13.1 and a alias on the > same > interface with 192.168.1.6. > When a client is connect to this server, sends packets to the firewall and > the > firewall resends that to the destination server. The server receive this > packets and reply using the same interface but contact directly the client > with IP on the same net. Before with linux this was not a problem but with > pfsense, a statefull firewall, this is not more possible. Now i've an > asymmetric routing without a routing so I cannot use the tips present at > this > page https://doc.pfsense.org/index.php/Asymmetric_Routing_and_ > Firewall_Rules > > How can I to do? > > Best regards > Claudio M. > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
