private lan trouble

Rowan Sheridan

Mar 12, 2019
Grateful for some advice. I've Googled as much as I can to get a clear answer but can't see anything that will help me.

I'm trying to create a private network - with pfsense being the router.

My pve server is 192.168.1.50. My internal network is using vmbr1 - with IP addresses of 10.10.10.0/24.

From machines in the private network - 10.10.10.14 & 10.10.10.15:
I can't ping 8.8.8.8 or google.com from internal network - Good
I can ping 192.168.1.50 from internal network - Bad
I can't ping another 192.168... address from 10.10.10.14 or 10.10.10.15 - Good

The PfSense box is 10.10.10.5

Clearly I've configured something incorrectly but I'm just not sure what.


Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.254
        bridge_ports eno1
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
 bridge_ports none
 bridge_stp off
 bridge_fd 0

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

Attachments: 10.10.10.15.PNG, network.PNG, PfSense.PNG
 
The question is: what is the pfSense's address in the 192.168.1.0/24 network? If it's 192.168.1.254 it should work; then check the pfSense settings.

If not, it cannot work, since the host routes each packet with a destination in 10.10.10.0/24 to the address mentioned above, which probably has no connection to that subnet.
 
Even though pfSense gets the IP 192.168.1.23 from my LAN router, I can't access it from my LAN - only on the 10.10.10.5 IP.
 
Even though pfSense gets the IP 192.168.1.23 from my LAN router, I can't access it from my LAN - only on the 10.10.10.5 IP.

What does "my LAN" mean? 10.10.10.0/24?

Of course you also have to set the routing properly in the VMs, e.g.
Code:
route add -net default gw 10.10.10.5

And, finally, as already stated: a connection to the host's 192.168.1.50 cannot work since it has defined 192.168.1.254 as its default gateway.
 
Sorry, I'm not explaining myself clearly. When I refer to my LAN I mean 192.168.1.0/24.
The 10.10.10.0/24 is the internal network I wish to set up that has no external access. For malware analysis.
 
Resolved
For anyone who is having similar issues:

My above settings do work.

- On the pfSense box, under Interfaces > WAN, untick the boxes which prevent private IPs from accessing the WAN
- Set up a firewall rule on LAN to allow LAN to LAN for all protocols
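
An added example, not written by any poster in this thread: a small Python audit of the `/etc/network/interfaces` posted at the top, reporting for each bridge whether the Proxmox host itself has an uplink port or an IP address on it. The function names and the `isolated` label are assumptions of this example, and the result says nothing about what a router VM such as pfSense forwards between bridges.

```python
# Constructed sample: the interfaces file from the first post, abridged
# (unused NICs and the bridge_stp/bridge_fd lines are left out).
SAMPLE = """\
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
        address 192.168.1.50
        netmask 255.255.255.0
        gateway 192.168.1.254
        bridge_ports eno1
auto vmbr1
iface vmbr1 inet static
 bridge_ports none
"""

def parse_bridges(text):
    """Return {name: {option: value}} for each iface stanza that sets bridge_ports."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface" and len(words) >= 2:
            current = stanzas.setdefault(words[1], {})   # start of a new stanza
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None                               # top-level keyword ends the stanza
        elif current is not None:
            # ifupdown accepts both bridge-ports and bridge_ports spellings
            current[words[0].replace("-", "_")] = " ".join(words[1:])
    return {n: o for n, o in stanzas.items() if "bridge_ports" in o}

def audit(text):
    """Describe how the hypervisor host itself is attached to each bridge."""
    report = {}
    for name, opts in parse_bridges(text).items():
        ports = [p for p in opts["bridge_ports"].split() if p != "none"]
        report[name] = {
            "uplink_ports": ports,                    # physical NICs enslaved to the bridge
            "host_address": opts.get("address"),      # host IP on the bridge, if any
            "host_gateway": opts.get("gateway"),
            # assumption of this example: no NIC and no host IP means host-isolated
            "isolated": not ports and "address" not in opts,
        }
    return report

if __name__ == "__main__":
    for bridge, facts in audit(SAMPLE).items():
        print(bridge, facts)
```

For the posted file this reports `vmbr0` as uplinked through `eno1` with the host at 192.168.1.50, and `vmbr1` as having neither a physical port nor a host address.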