
Blending two networks, can only access one router

yukichigai

Alright, so I've got a bit of a strange setup going here at home. Because we're out in the boonies we have two separate DSL connections.

Rather than just using multi-wan, we've actually got two different subnets (on separate-but-linked physical networks) for each connection: 172.16.2.0/24 and 172.16.5.0/24. Each connection has its own router at .1, handing out the appropriate DHCP addresses and the like. The two subnets are linked using a VLAN'd switch that blocks DHCP traffic between the two physical networks.

The problem I'm having is that from the .5.0/24 network I'm not able to reach the router at .2.1 (call it router A). I can reach ANY other address in the .2.0/24 subnet, including the Wireless AP and all computers. Here's where it gets weird though: any computer can access the B router at .5.1, regardless of which subnet they are on.

Both routers are servers using pfsense. I can't find any obvious settings that would indicate why one has connection issues while the other doesn't. The setups are mostly identical, save that the "anyone can access it" router is running the latest Beta (with IPv6 support). I doubt IPv6 is the issue though, since we've been testing access by typing in IPv4 addresses.

Seriously stumped and it's driving me nuts. Halp.
 
You don't explain how the two networks have access to one another. Is there another subnet connecting the two routers, or is one router on both subnets? Posting a network diagram would be helpful.
 
You don't explain how the two networks have access to one another. Is there another subnet connecting the two routers, or is one router on both subnets? Posting a network diagram would be helpful.

Well I thought I did. Lemme rephrase.

The two networks are linked with just a simple Ethernet run between the central switch on the A network to another switch on my B network. The switch on my end is VLAN-capable (yay DD-WRT) and is set up to block all incoming or outgoing DHCP traffic (or more specifically, all UDP traffic on ports 67 and 68) on that link/port.

If you have a motherboard with dual nics you can bridge them.

For that one computer, yes. I want a network-wide link, hence the VLAN'd switch and the pfsense boxes.

Also my pfsense router has only one onboard LAN port and only one PCI port. Sadface.
 
Well I thought I did. Lemme rephrase.

The two networks are linked with just a simple Ethernet run between the central switch on the A network to another switch on my B network. The switch on my end is VLAN-capable (yay DD-WRT) and is set up to block all incoming or outgoing DHCP traffic (or more specifically, all UDP traffic on ports 67 and 68) on that link/port.

So the two networks are just bridged? Ugh, that shouldn't even work right, unless something is doing proxy ARP somewhere. It would be a whole lot cleaner if the two pfsense servers had a cross connect and a couple of static routes to send traffic between the two subnets. That could even be done with a single port if you can do 802.1q trunks.
 
So the two networks are just bridged? Ugh, that shouldn't even work right, unless something is doing proxy ARP somewhere. It would be a whole lot cleaner if the two pfsense servers had a cross connect and a couple of static routes to send traffic between the two subnets. That could even be done with a single port if you can do 802.1q trunks.

Sounds like his DD-WRT is 802.1q capable and is doing 'router on a stick'?
 
Does your router (the one at .2.1) have a route back to the 5.0/24 subnet?

This actually pointed me to the issue. Apparently there was a lingering OpenVPN route that was left over from when the two networks were not occupying the same house. Apparently pfsense's routing table leaves those routes in place even if the VPN is down, but wasn't noting them in the routing table. I upgraded to the latest firmware and bam, the routes appeared in the table. I've removed them and the two networks once more play nice.

So the two networks are just bridged? Ugh, that shouldn't even work right, unless something is doing proxy ARP somewhere. It would be a whole lot cleaner if the two pfsense servers had a cross connect and a couple of static routes to send traffic between the two subnets. That could even be done with a single port if you can do 802.1q trunks.

Pfsense has automatic ARP.

If I could do a dedicated link between the two pfsense boxes I would, but my pfsense box only has one PCI port and one onboard LAN. Routing into a switch with VLAN is the best I can do.
 
Sounds like his DD-WRT is 802.1q capable and is doing 'router on a stick'?

More or less. It's working like an expensive Cisco managed switch rather than a router, but same net effect: it's just a thing in between the two bridged networks that stops DHCP traffic.
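
The return-route question and the stale OpenVPN route that resolved this thread can both be checked against a routing table dump with a longest-prefix match. This is an added example, not code from any poster in the thread; the table is constructed, and the interface names (`em0`, `em1`, `ovpnc1`) and gateway addresses are assumptions.

```python
import ipaddress

# Constructed routing table in the column layout of `netstat -rn`
# (Destination, Gateway, Flags, Netif). Interface names and gateways are assumptions.
STALE_TABLE = """\
default         203.0.113.1   UGS  em0
172.16.2.0/24   link#2        U    em1
172.16.5.0/24   10.8.0.2      UGS  ovpnc1
10.8.0.0/24     10.8.0.2      UGS  ovpnc1
"""

def parse_routes(text):
    """Turn table text into a list of route dicts with parsed networks."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        dest, gateway, flags, netif = parts
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append({"net": net, "gateway": gateway, "flags": flags, "netif": netif})
    return routes

def best_route(routes, host):
    """Longest-prefix match: the route the kernel would pick for host."""
    ip = ipaddress.ip_address(host)
    matches = [r for r in routes if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

def return_path(routes, host, lan_if):
    """Classify how replies to host leave the router."""
    route = best_route(routes, host)
    if route is None:
        return "no-route", None
    if route["netif"] == lan_if:
        return "ok", route            # reply goes out the LAN interface
    if route["net"].prefixlen == 0:
        return "default-only", route  # no specific route, falls to the WAN default
    return "misrouted", route         # a more specific route points elsewhere

if __name__ == "__main__":
    status, route = return_path(parse_routes(STALE_TABLE), "172.16.5.20", "em1")
    print(status, route["net"], "via", route["netif"])
```

A `misrouted` result for a host on the other subnet means replies are being sent into the tunnel interface rather than back onto the LAN.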
 