On 10-12-10 01:21 AM, Maik Heinelt wrote:
On 2010/12/10 13:56, Evgeny Yurchenko wrote:
On 10-12-09 11:54 PM, Maik Heinelt wrote:
On 2010/12/10 13:26, Evgeny Yurchenko wrote:
On 10-12-09 11:07 PM, Maik Heinelt wrote:
pfSense is our internet router (192.168.144.10)
The L3 switch in between the 2 networks A. and B. is configured to
send all requests for network A (192.168.144.0) to the pfsense router.
Before we used pfSense, we had a working CentreCom Router.
Maik
..................................................................
Heinelt Maik | Software Developer
Heinelt Maik
2-2-22 Fuji, Ichinomiya, Aichi Prefecture
Vega Systems Co., Ltd.
TEL: 0586-71-3903 FAX: 0586-71-4071
http://www.vegasystems.com
Skype ID: daliose
..................................................................
On 2010/12/10 13:04, Evgeny Yurchenko wrote:
On 10-12-09 11:01 PM, Maik Heinelt wrote:
Sorry for the confusion.
We have L3 switch between network A and B.
This switch has the IP 192.168.144.112 in network A and the IP
192.168.11.1 in network B.
Any request for network B (192.168.11.0) from 192.168.144.0
network is routed to 192.168.144.112.
I can reach from A network to B network, but not backward.
Maik
And where is pfSense here?
please do not top-post.
So, we have
Network A ---------------- 192.168.144.112 switch 192.168.11.1 ------------- Network B
192.168.144.0/24 |                                     | 192.168.11.0/24
                 |                                     |
                 |                                     |
                 \-192.168.144.10 pfsense 192.168.11.x-/
and hosts from A forward packets to pfSense when send to B while
hosts from B always forward packets to the switch.
Right?
Ideal solution is to get rid of asymmetric routing, if you want to
filter traffic just make hosts in B to use pfSense when sending to A.
If it is not possible then what Chris proposed does not work
because pfSense has network B on one of its interfaces, thus you
can't create static route to Network B.
Try in the rule allowing A to B set StateType to None.
You are almost right with our network configuration.
Network A 192.168.144.0/24 is using pfsense on 192.168.144.10 as
internet router.
Network B 192.168.11.0/24 is using its own router for internet
connection.
Only in case of requests to network A from B it will use the L3
switch in between both networks.
So all clients in network B are using the 192.168.11.xx internet
router as gateway.
So it isn't possible to use pfsense in network B as default.
If I set the rule allowing A to B with settings StateType to None, I
cannot connect to network B (192.168.11.0/24) at all.
Maik
Ok then, if pfSense does not have 192.168.11.0/24 at all then just
create static route on pfSense. 192.168.11.0/24 route via
192.168.144.112 and enable option Chris mentioned. Should work.
Evgeny.
Static route is set:
Interface   Network           Gateway
LAN         192.168.11.0/32   192.168.144.112
Static route filtering: *Bypass firewall rules for traffic on the same
interface* is checked.
But if I try to reach a 192.168.144.0/24 IP from the 192.168.11.0/24
network, I cannot connect.
From 144.0 network to 11.0 works very well.
Maik
Can you do tcpdump on the interface Network A?
like tcpdump -ni<interface name> net 192.168.11.0/24
you should see two instances of every packet coming back to 192.168.11.0/24
Evgeny
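The tcpdump check Evgeny describes produces a lot of output on a busy LAN, and the thing to look for is each packet showing up twice on the Network A interface: once when pfSense receives it from the host and once when the static route sends it back out the same interface towards 192.168.144.112. The script below is an added example (not code from the thread or from pfSense) that reads `tcpdump -n` text on stdin and reports the flows that appear more than once. The capture lines embedded in it are constructed for illustration; the hosts 192.168.144.20 and 192.168.11.5 and the function names are my own assumptions.

```shell
#!/bin/sh
# Added example, not part of the thread: find packets that pfSense forwarded back out
# the interface it received them on (the two-copies symptom of asymmetric routing).
# Feed it the text output of:  tcpdump -ni <lan interface> net 192.168.11.0/24

# hairpin_report: read tcpdump -n lines on stdin and print every flow key
# ("src > dst" plus the TCP seq field when present) that occurs more than once,
# prefixed by its count.
hairpin_report() {
    awk '
        /^[0-9:.]+ IP / {
            # $3 is the source, $5 the destination (with a trailing colon);
            # the seq value, if any, follows the literal word "seq".
            key = $3 " > " $5
            for (i = 6; i <= NF; i++) {
                if ($i == "seq") { key = key " seq " $(i + 1); break }
            }
            count[key]++
        }
        END { for (k in count) if (count[k] > 1) print count[k], k }
    ' | sort
}

# hairpin_count: number of distinct flow keys that were seen more than once.
hairpin_count() {
    hairpin_report | wc -l | tr -d ' '
}

# Constructed sample capture (hypothetical hosts): the SYN and the data segment from
# 192.168.144.20 each appear twice on the LAN interface, the reply from
# 192.168.11.5 appears once.
SAMPLE_CAPTURE='12:00:00.000100 IP 192.168.144.20.52100 > 192.168.11.5.80: Flags [S], seq 100, win 65535, length 0
12:00:00.000130 IP 192.168.144.20.52100 > 192.168.11.5.80: Flags [S], seq 100, win 65535, length 0
12:00:00.001000 IP 192.168.11.5.80 > 192.168.144.20.52100: Flags [S.], seq 200, ack 101, win 65535, length 0
12:00:00.002000 IP 192.168.144.20.52100 > 192.168.11.5.80: Flags [P.], seq 101:151, ack 201, win 65535, length 50
12:00:00.002030 IP 192.168.144.20.52100 > 192.168.11.5.80: Flags [P.], seq 101:151, ack 201, win 65535, length 50'

# Run with --demo to print the report for the sample; otherwise pipe a real capture
# into hairpin_report or hairpin_count.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_CAPTURE" | hairpin_report
fi
```

On a healthy, symmetric path the report is empty. Flows listed twice are exactly the ones that depend on the "Bypass firewall rules for traffic on the same interface" option: pfSense sees the outbound half twice and the return half not at all, so without that option the state table never matches the replies.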