NTP server on different subnet help!

Discussion in 'Networking' started by Myth, Oct 31, 2019.

  1. Myth

    Hey Guys,

    So I have a server setup with a 192.168.253.31 address.
    The network has three vlans:

    Vlan 10 with 192.168.255.0/24
    Vlan 20 192.168.254.0/24
    Vlan 30 192.168.253.0/24

    All the servers connect to one "routing" layer 3 switch. Each port is segmented as untagged to be in the respective Vlans.

    Now I have a pfsense box acting as my time server. Its address is 192.168.255.1 and it is plugged into a physical port on the switch assigned as untagged for vlan 10.

    I need the server in vlan 30 to be able to ping and use ntp from 192.168.253.31 to 192.168.255.1.

    Both interfaces are connected to the switch. I'm slightly confused how to do this. Do I do tagged ports? Do I make some kind of route?

    I guess I could plug in another port into my pfsense box, and make that interface 192.168.253.1 then untag the port to be in vlan 30. But I'm hoping that I don't have to physically go back into the server room if possible, it's a drive.

    Any way for me to get the server on:
    vlan 30 with an ip of 192.168.253.31/24 with a gateway of 192.168.253.254

    to connect with the ntp server of 192.168.255.1/24 gateway 192.168.255.254

    The gateway address for both devices points to the same switch, only on different vlans.

    Thanks for any help!

    -Myth

    P.S. Do I tag vlan 30 on the pfsense port and then assign a virtual interface on the pfsense box?
     
    #1
    Last edited: Oct 31, 2019
  2. Blinky 42

    Do you have any routing / IP addresses setup on the switch itself?
    Somewhere you will need to route between the networks on each VLAN, or put an interface from the pfSense box on each VLAN with an IP in the network on each vlan.
     
    #2
  3. turgin

    That gateway isn't on the same network as the host address so that's one problem.
     
    #3
  4. Myth

    That was actually a typo, and I just edited my original post.
     
    #4
  5. Myth

    I have ip route 10.9.9.0/24 192.168.255.1 which is my openvpn tunnel. On the switch.

    But I'm starting to think that you are right. I somehow need to create multiple virtual adapters on my pfsense LAN interface which is connected to my port 41 on the dell switch.

    Currently my dell switch has untagged/non-trunked vlan 10 on port 41.

    But I guess I'll need to make that port tagged vlan 10, 20 and 30, so that each vlan can travel through port 41 correct? Then I'll add vlan 10, 20, and 30 on the LAN interface pfsense side.

    I have a static route on the pfsense box right now, 192.168.253.0/24 to 192.168.255.254 which is how my openvpn tunnel functions. I can also ping the file server from the pfsense box down, but not from the fileserver up.

    I know how to add vlans via the vlan tag in pfsense, but I don't understand how I would create a virtual ip to the same lan interface. I've done that before via linux boxes, but in this particular instance, would adding the three vlan tags to pfsense lan interface, then making port 41 on the dell switch tagged/trunk for each vlan as well, allow the communication between the file server (192.168.253.21) to the pfsense NTP server (192.168.255.1)?
     
    #5
  6. turgin

    Does pfsense have a route to 192.168.253.0/24?

    Never mind, you posted while I was typing.

    I'm not a pfsense expert but could it be that you need a rule to allow the server access to NTP since pfsense doesn't have an interface on that subnet?
     
    #6
    Last edited: Oct 31, 2019
  7. Blinky 42

    Not a pfSense user myself so can't give detailed instructions - but yes you should be able to put all of the vlans on port 41 as tagged on the switch side, and then create virtual / tagged interfaces (not sure what pfSense would call it) on the pfSense side with an interface for each vlan - the same type of thing that you would do in Linux with ethX.10 ethX.20 ethX.30 etc all having their own IP addresses in the corresponding network block.
     
    #7
  8. oddball

    You could go the sub-adapter route, or just create a static route between the subnets you're trying to ping from. You'll also need reverse routes as well.
     
    #8
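
Added example, not part of any post in this thread: a small Python model of the routing discussed above, built from the addresses and routes the posters quote, that traces a packet hop by hop with longest-prefix matching so the forward path and the reverse path can be checked separately. The device names, the `TABLES` layout and the assumption that the switch holds both .254 gateway addresses are constructed for illustration.

```python
import ipaddress as ip

# Constructed model of the thread's topology; a next hop of None means "connected".
# Assumption: the switch holds the .254 gateway address in VLAN 10 and VLAN 30.
TABLES = {
    "server": {"addrs": ["192.168.253.31"],
               "routes": [("192.168.253.0/24", None),
                          ("0.0.0.0/0", "192.168.253.254")]},
    "switch": {"addrs": ["192.168.255.254", "192.168.253.254"],
               "routes": [("192.168.255.0/24", None),
                          ("192.168.253.0/24", None),
                          ("10.9.9.0/24", "192.168.255.1")]},
    "pfsense": {"addrs": ["192.168.255.1"],
                "routes": [("192.168.255.0/24", None),
                           ("192.168.253.0/24", "192.168.255.254")]},
}

def owner(tables, addr):
    """Name of the device that holds addr, or None if nobody does."""
    return next((n for n, d in tables.items() if addr in d["addrs"]), None)

def lookup(routes, dst):
    """Longest-prefix match: (network, next_hop), or None when no route fits."""
    hits = [(ip.ip_network(p), nh) for p, nh in routes
            if ip.ip_address(dst) in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(tables, src, dst, max_hops=8):
    """Follow the routing tables from src to dst; returns (path, reached)."""
    node, path = owner(tables, src), []
    for _ in range(max_hops):
        if node is None:
            break                        # next hop is not a modelled device
        path.append(node)
        if dst in tables[node]["addrs"]:
            return path, True
        hit = lookup(tables[node]["routes"], dst)
        if hit is None:
            break                        # this device has no route to dst
        node = owner(tables, hit[1] or dst)   # connected route: deliver to dst
    return path, False

def drop_route(tables, device, prefix):
    """Copy of tables with one prefix removed from one device's routes."""
    out = {n: dict(d) for n, d in tables.items()}
    out[device]["routes"] = [r for r in tables[device]["routes"] if r[0] != prefix]
    return out
```

`trace(TABLES, "192.168.253.31", "192.168.255.1")` and the reverse call both reach their destination through the switch with the routes quoted in the thread. `trace(drop_route(TABLES, "pfsense", "192.168.253.0/24"), "192.168.255.1", "192.168.253.31")` stops at pfSense, while the forward path in that same modified table still resolves.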
