pfSense short config summary:
WAN interface is on a registered Internet block of addresses
connected to ISP via fibre
LAN interface has IP address 10.200.1.3/24
OPT1 interface has IP address 192.168.184.1/24
A separate wireless network exists on 172.16.0.0/12 subnet, via an HP MSM760 wireless controller.
Problem summary: I cannot route from the wireless subnet 172.16 to the LAN subnet 10.200.1
Configuration
-------------
172.16.0.0/12 network
HP ProCurve VSC wireless subnet
|
|
(traffic from 172.16 intercepted by HP MSM760 and egress to
interface with IP 192.168.184.2)
|
|
192.168.184.2 (external interface on MSM760 controller)
|
|
|
|
192.168.184.1 (OPT1 interface on pfSense server)
On pfSense the following gateway is set as:
Name: BYOD, Interface: OPT1, Gateway: 192.168.184.2
... and the following route is set as:
Network: 172.16.0.0/12, Gateway: BYOD - 192.168.184.2, Interface: OPT1
Diagnostics: A host in the 172.16 network has the address 172.16.0.4 and it has no firewall, so it can respond to PING
I can ping 172.16.0.4 from the OPT1 interface in pfSense' Diagnostics/Ping page but I cannot ping that address from the WAN or LAN interface in pfSense.
Is there anything obvious from the above description that would explain why I cannot see the 10.200.1 net from the 172.16 net?
Here is a screenshot of the VSC config on the MSM760. The 172.16.0.0 network is defined by the DHCP server config at the bottom of the shot.
And these are relevant pages from pfSense. As you can see there is a route to the 172.16.0.0/12 network via gateway 192.168.184.2 (which is an IP interface connected to VLAN #9 on the MSM760)
At the end you can see a diagnostic Ping from the pfSense to a host on the 172.16 network.
And just to clarify what the VSC Egress Mapping is going to:
I would put up a sniffer between the pfsense OPT interface and the MSM760 just to see what the packets look like and if they're even making it onto that line.
You'd want to see if:
1. Your pings TO the 172.16 network from LAN and WAN are even exiting the OPT interface and
2. Packets FROM the 172.16 network destined to the LAN are making it passed the MSM760 to the pfsense.
Either one of those two isn't happening OR there's something wrong with ARP. I'm still confused about what 172.16.0.2 is? What device is their default gateway? If the MSM760 is intercepting it and putting it onto the OPT1 connection, is it re-writing the packet so that it's new destination is the OPT1 interface IP or is it just dumping it onto the wire?