NTP server on different subnet help!

Myth

Hey Guys,

So I have a server set up with a 192.168.253.31 address.
The network has three vlans:

Vlan 10 with 192.168.255.0/24
Vlan 20 192.168.254.0/24
Vlan 30 192.168.253.0/24

All the servers connect to one "routing" layer 3 switch. Each port is segmented as untagged to be in the respective Vlans.

Now I have a pfsense box acting as my time server. Its address is 192.168.255.1 and it is plugged into a physical port on the switch assigned as untagged for vlan 10.

I need the server in vlan 30 to be able to ping and use ntp from 192.168.253.31 to 192.168.255.1.

Both interfaces are connected to the switch. I'm slightly confused how to do this. Do I do tagged ports? Do I make some kind of route?

I guess I could plug in another port into my pfsense box, and make that interface 192.168.253.1 then untag the port to be in vlan 30. But I'm hoping that I don't have to physically go back into the server room if possible, it's a drive.

Any way for me to get the server on:
vlan 30 with an ip of 192.168.253.31/24 with a gateway of 192.168.253.254

to connect with the ntp server of 192.168.255.1/24 gateway 192.168.255.254

The gateway address for both devices points to the same switch, only on different vlans.

Thanks for any help!

-Myth

P.S. Do I tag vlan 30 on the pfsense port and then assign a virtual interface on the pfsense box?

Blinky 42

Do you have any routing / IP addresses set up on the switch itself?
Somewhere you will need to route between the networks on each VLAN, or put an interface from the pfSense box on each VLAN with an IP in the network on each vlan.

Myth

> Do you have any routing / IP addresses set up on the switch itself?
> Somewhere you will need to route between the networks on each VLAN, or put an interface from the pfSense box on each VLAN with an IP in the network on each vlan.

I have ip route 10.9.9.0/24 192.168.255.1, which is my openvpn tunnel, on the switch.

But I'm starting to think that you are right. I somehow need to create multiple virtual adapters on my pfsense LAN interface which is connected to my port 41 on the dell switch.

Currently my dell switch has untagged/non-trunked vlan 10 on port 41.

But I guess I'll need to make that port tagged vlan 10, 20 and 30, so that each vlan can travel through port 41 correct? Then I'll add vlan 10, 20, and 30 on the LAN interface pfsense side.

I have a static route on the pfsense box right now, 192.168.253.0/24 to 192.168.255.254 which is how my openvpn tunnel functions. I can also ping the file server from the pfsense box down, but not from the fileserver up.

I know how to add vlans via the vlan tag in pfsense, but I don't understand how I would create a virtual ip to the same lan interface. I've done that before via linux boxes, but in this particular instance, would adding the three vlan tags to pfsense lan interface, then making port 41 on the dell switch tagged/trunk for each vlan as well, allow the communication between the file server (192.168.253.21) to the pfsense NTP server (192.168.255.1)?

turgin

Does pfsense have a route to 192.168.253.0/24?

Never mind, you posted while I was typing.

I'm not a pfsense expert but could it be that you need a rule to allow the server access to NTP since pfsense doesn't have an interface on that subnet?

Blinky 42

Not a pfSense user myself so can't give detailed instructions - but yes you should be able to put all of the vlans on port 41 as tagged on the switch side, and then create virtual / tagged interfaces (not sure what pfSense would call it) on the pfSense side with an interface for each vlan - the same type of thing that you would do in Linux with ethX.10 ethX.20 ethX.30 etc all having their own IP addresses in the corresponding network block.
 

oddball

You could go the sub-adapter route, or just create a static route between the subnets you're trying to ping from. You'll also need reverse routes as well.
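
Added example, not part of any post in this thread: a small route-lookup model of the topology described above, tracing the NTP request and the reply to show why the reverse route matters. Addresses and static routes are taken from the posts; the NODES layout, the function names, and the assumption that the switch owns both .254 gateway addresses with routing enabled are illustrative, and no default route is modelled on pfsense.

```python
import ipaddress as ip

# Constructed model: addresses/routes from the thread, structure is hypothetical.
NODES = {
    "server":  {"addrs": ["192.168.253.31/24"], "routes": {"0.0.0.0/0": "192.168.253.254"}},
    "switch":  {"addrs": ["192.168.255.254/24", "192.168.253.254/24"],  # assumed L3 interfaces
                "routes": {"10.9.9.0/24": "192.168.255.1"}},
    "pfsense": {"addrs": ["192.168.255.1/24"],
                "routes": {"192.168.253.0/24": "192.168.255.254"}},
}

def owner(nodes, addr):
    """Name of the node that has addr configured on an interface, or None."""
    for name, node in nodes.items():
        if any(ip.ip_interface(a).ip == addr for a in node["addrs"]):
            return name
    return None

def next_hop(node, dst):
    """Connected networks first, then longest-prefix match over static routes."""
    if any(dst in ip.ip_interface(a).network for a in node["addrs"]):
        return dst  # on-link: deliver directly
    matches = [(ip.ip_network(n), gw) for n, gw in node["routes"].items()
               if dst in ip.ip_network(n)]
    if not matches:
        return None  # no route to destination
    return ip.ip_address(max(matches, key=lambda m: m[0].prefixlen)[1])

def trace(nodes, src, dst, max_hops=8):
    """Return (hops, reached) for a packet sent by node src to address dst."""
    dst, here, hops = ip.ip_address(dst), src, [src]
    for _ in range(max_hops):
        if owner(nodes, dst) == here:
            return hops, True
        hop = next_hop(nodes[here], dst)
        here = owner(nodes, hop) if hop else None
        if here is None:
            return hops, False  # no route, or next hop is not a modelled device
        hops.append(here)
    return hops, False  # hop limit reached (routing loop)

def round_trip(nodes, client, client_ip, server, server_ip):
    """NTP (or ping) works only if both the request and the reply are routable."""
    return trace(nodes, client, server_ip)[1] and trace(nodes, server, client_ip)[1]
```

This checks routing only; a firewall rule on pfsense for the 192.168.253.0/24 source, as raised earlier in the thread, is a separate requirement.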