DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 10th November 2008
windependence's Avatar
windependence windependence is offline
Real Name: Tim
Shell Scout
 
Join Date: May 2008
Location: Phoenix, Arizona
Posts: 116
Thanked 4 Times in 3 Posts
Default Another gateway box question

Mods please move this if it's not in the right place.

I have a pfsense box set up in a client's office. The internal LAN is split into basically two networks, one has the 100.0.0.0/24 scheme and the other is 192.168.1.0/24. The pfsense box has an internal address of 100.0.0.111 which is what the old gateway was on the hardware router. The external address is one of several they have available from their ISP.

Their internal Windows workstations are all on the 100.0.0.0/24 network, but I have one box, their mail server, which is 192.168.1.20. Here is the problem. I can't see the mailserver on the network when I am logged in on the 100.0.0.0/24 network. I thought since the pfsense box is a router, it would route traffic between the two networks. Networking has never been my real strong point but I do understand the basics. The Windows admin says he didn't want the mailserver on the same network in case there was a virus outbreak. Is there another way to do it without using a different network? Any ideas would be greatly appreciated.

-Tim
__________________
www.windependence.org
Get your Windependence today!
Reply With Quote
  #2   (View Single Post)  
Old 11th November 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,246
Thanked 182 Times in 149 Posts
Default

If you are on a 100.0.0.0/24 network, which is a public network, you usually will never be able to get to a 192.168.1.0/24 network, because 192.168.1.0/24 traffic will never be routed on a public internet.

Or do you mean they have a 10.0.0.0/24 network?

In that case you need to tell the pf.sense box that 10.0.0.111 is the gateway for the 192.168.1.0/24 network.
Code:
 route add -net 192.168.1.0/24 10.0.0.111
This is one part of the deal It will now route packets for 192.168.1.20 through 10.0.0.111.

The second part is to get the answer packets.
To reply you, the mailserver needs to know that it should route 10.0.0.0/24 packets through 10.0.0.111.

But doesn't defeat all this the separation of the mailserver from the 10.0.0.0 net into it's own network?

J65nko - who has never use pfsense
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 11th November 2008
windependence's Avatar
windependence windependence is offline
Real Name: Tim
Shell Scout
 
Join Date: May 2008
Location: Phoenix, Arizona
Posts: 116
Thanked 4 Times in 3 Posts
Default

Well, unfortunately I didn't set this one up and they are using the public IP range 100.0.0.0/24 for their internal LAN. Yeah, I don't know why either, but I guess it's certainly possible. At any rate, I'm thinking unless I use two pfsense boxes (which would be easy because they are on VMware ESXi) there would be no way to really separate the networks. Do you think using two routers would be better?

So, what you are saying is if I add the static route you mentioned, then the two networks should be able to talk to each other? I see you point though, it would kinda defeat the reason for doing it that way. What about two separate gateways? Is there a way to do that?

The reason I am using pfsense BTW is because I am working with a Windoze admin that can't get the command line, Lord knows I tried. I do like the traffic graphing and stuff although I know I could set up MRTG for that.

Thanks so much for the help. We have a huge demand for these gateway boxes right now and I want to stick with *BSD instead of something like untangle for the simplicity, and I like BSD way more than Linux. :-)

-Tim
__________________
www.windependence.org
Get your Windependence today!
Reply With Quote
  #4   (View Single Post)  
Old 11th November 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,246
Thanked 182 Times in 149 Posts
Default

With the little information I have now, I would have to guess too much

Could you post a simple network diagram showing how the pfsense box and the two networks 100.x.x.x and 192.168.x.x are physically connected?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
antivirus gateway milo974 OpenBSD Security 9 14th September 2008 04:02 AM
FreeBSD Gateway tad1214 FreeBSD Ports and Packages 4 11th July 2008 05:31 AM
Error 504 gateway timeout bsdbsd FreeBSD General 0 15th June 2008 01:06 PM
Problem at the install with a pc gateway mastersabin FreeBSD Installation and Upgrading 1 4th June 2008 07:47 PM
Dual WAN gateway. LordZ OpenBSD Security 2 2nd June 2008 09:00 AM


All times are GMT. The time now is 12:23 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick