Hi all,

First: I'm not really a network guy, but thanks to pfSense I was able
to do some advanced (at least by my measure) stuff by myself - until
now... So please be patient with me.

A VMware host machine has 1 NIC and uses 1 public IP itself.
A second public IP (say 4.3.2.17/32) is used for the pfSense VM's
WAN interface. The provider is routing a /24 (say 1.2.3.0/24) on
that second IP.

If I configure pfSense's LAN to 1.2.3.1/24 everything works as
expected.

Now I'm trying to segment the /24 into 4 subnets with the pfSense
interfaces being:
    
    -   1.2.3.1/26
        LAN, connected to VMware vSwitch1
        used as the VMs' primary IPs
        
    -   1.2.3.129/25
        OPT1, connected to VMware vSwitch2
        to be used for SSL sites

The remaining segments shall be used later for various VPNs
(1.2.3.64/27, 1.2.3.96/28, 1.2.3.112/28).

Several Linux webserver VMs have 2 NICs each, connected to vSwitch1
on eth0 and vSwitch2 on eth1.

I've successfully configured pfSense to:
    
    -   do everything related to 1.2.3.0/26 from the pfSense box
        itself as well as from any host on the internet
    
    -   be able to reach pfSense's 1.2.3.129/25 interface
        from the pfSense box itself and from the internet
    
    -   be able to reach the machines in the 1.2.3.128/25 subnet
        from the pfSense box itself
    
I'm currently failing in reaching any of the VMs via their interfaces
connected to the 1.2.3.128/25 subnet. I've configured firewall rules to
allow ICMP echo requests as well as TCP ports 80 and 443 for
destinations in that subnet on the WAN interface. I can see that
traffic is blocked when I disable these rules and is passed if I
leave them enabled. If I do an HTTP request, I see
CLOSED:SYN_SENT/SYN_SENT:CLOSED in pfSense's "Diagnostics:
Show States".

If I do an HTTP request on an IP in the 1.2.3.0/26, everything is
fine and I see "FIN_WAIT_2:FIN_WAIT_2" in the states table.

Any pointers (especially RTFMs with URLs or page numbers from "the
book") on what I'm missing are greatly appreciated.


TIA,

Andreas
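Two checks a practitioner would run against the plan in the post above, as an added example (this is not code from the post, from pfSense, or from any reply): first, that the five segments (1.2.3.0/26, 1.2.3.64/27, 1.2.3.96/28, 1.2.3.112/28, 1.2.3.128/25) really tile the routed 1.2.3.0/24 without overlap, and which pfSense interface a given destination lands behind; second, for a dual-homed VM of the kind described (eth0 on the /26, eth1 on the /25), which NIC the kernel would use for the reply to an Internet client. The VM routing table here is a constructed assumption (one default route, via the LAN gateway 1.2.3.1) and is not something the post shows; the point of the check is that a stateful firewall only sees both halves of a TCP handshake when the reply leaves on the interface the request arrived on. The client address 198.51.100.7 is documentation space, chosen for the example.

```python
"""Sanity checks for the segmented /24 described in the post.

Added example, not from the original post. The addresses are the
post's placeholders (1.2.3.0/24 routed to pfSense); the VM routing
table below is a constructed assumption, not something the post shows.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network

ROUTED_BLOCK: IPv4Net = ipaddress.ip_network("1.2.3.0/24")

# pfSense interface plan from the post (VPN segments are planned, not yet built).
SEGMENTS: Dict[str, IPv4Net] = {
    "LAN":  ipaddress.ip_network("1.2.3.0/26"),
    "VPN1": ipaddress.ip_network("1.2.3.64/27"),
    "VPN2": ipaddress.ip_network("1.2.3.96/28"),
    "VPN3": ipaddress.ip_network("1.2.3.112/28"),
    "OPT1": ipaddress.ip_network("1.2.3.128/25"),
}


def partition_problems(block: IPv4Net, segments: Dict[str, IPv4Net]) -> List[str]:
    """Report segments that fall outside the routed block and pairwise overlaps."""
    problems: List[str] = []
    items = list(segments.items())
    for i, (name_a, net_a) in enumerate(items):
        if not net_a.subnet_of(block):
            problems.append(f"{name_a} {net_a} is not inside {block}")
        for name_b, net_b in items[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


def uncovered_ranges(block: IPv4Net, segments: Dict[str, IPv4Net]) -> List[IPv4Net]:
    """CIDR pieces of `block` that no segment claims; empty means the plan tiles it."""
    leftover = [block]
    for seg in segments.values():
        nxt: List[IPv4Net] = []
        for piece in leftover:
            if seg.subnet_of(piece):
                nxt.extend(piece.address_exclude(seg))  # piece minus seg, as CIDRs
            else:
                nxt.append(piece)  # untouched (a partial overlap is reported above)
        leftover = nxt
    return sorted(leftover)


def pfsense_interface(segments: Dict[str, IPv4Net], address: str) -> Optional[str]:
    """Which pfSense interface a destination address lives behind (longest prefix wins)."""
    ip = ipaddress.ip_address(address)
    hits = [(net.prefixlen, name) for name, net in segments.items() if ip in net]
    return max(hits)[1] if hits else None


# Constructed assumption: a dual-homed VM whose only default route is via the
# LAN gateway 1.2.3.1 on eth0, which is what a single-gateway Linux config yields.
VM_ROUTES: List[Tuple[IPv4Net, str]] = [
    (ipaddress.ip_network("1.2.3.0/26"), "eth0"),
    (ipaddress.ip_network("1.2.3.128/25"), "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),  # default via 1.2.3.1
]


def egress_interface(routes: List[Tuple[IPv4Net, str]], dst: str) -> Optional[str]:
    """Longest-prefix match, the way the kernel picks the outgoing interface."""
    ip = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, iface) for net, iface in routes if ip in net]
    return max(matches)[1] if matches else None


def reply_is_symmetric(routes: List[Tuple[IPv4Net, str]], in_iface: str, client: str) -> bool:
    """True if the VM's reply to `client` leaves on the NIC the request arrived on."""
    return egress_interface(routes, client) == in_iface


if __name__ == "__main__":
    print("plan problems:", partition_problems(ROUTED_BLOCK, SEGMENTS))
    print("uncovered:", uncovered_ranges(ROUTED_BLOCK, SEGMENTS))
    print("1.2.3.130 sits behind", pfsense_interface(SEGMENTS, "1.2.3.130"))
    for nic in ("eth0", "eth1"):
        print(f"request on {nic}, reply symmetric:",
              reply_is_symmetric(VM_ROUTES, nic, "198.51.100.7"))
```

With the assumed routing table, a request that reaches the VM on eth1 (its 1.2.3.128/25 address) is answered out of eth0, so the reply would arrive at pfSense on the LAN interface rather than OPT1. Whether that is what happens in the setup above depends on the VMs' actual route tables, which the post does not show; `ip route` on one of the web servers is the quick way to find out.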
