No route between IPs

Gut733

Hello,

I am trying to use pfsense as a solution for small ISP bussiness.
I've got couple clients already but encountered some problems with right configuration of routing as I suppose.
Below U can see simplified configuration of my box.

Problem is that I've got no connection between clients. No matter if it is from LAN - host 1 to client 1-3 on OPT1 or from client 1 to client 2 etc.

There is no problem if traffic comes from outside host, then everything is fine, ping, ftp, etc.

Any ideas? :)

viragomann

@gut733
The clients in both network segments have to use pfSense as their default gateway to route between both. This is a quite common set up at all.

On pfSense you need firewall rule in place on both interfaces to allow the access. On LAN there is an allow-any-to-any rule by default. If you didn't change this, access should work at least from LAN to any device.

If it doesn't work even though, the access is most likely blocked by the destination device itself. But as you say, the devices are accessible from outside, I suppose that it neither blocks inside access.

I assume, access to the internet is working as well from all devices?

or from client 1 to client 2 etc.

Do you say, you cannot access client 2 from client 1, but you can access 2 from the internet?
Traffic between these devices should not even pass pfSense. Hence it cannot be blocked by pfSense and since they are within the same L2 network, there no route needed to communicate with each other.

Gut733

@viragomann said in No route between IPs:

@gut733
The clients in both network segments have to use pfSense as their default gateway to route between both. This is a quite common set up at all.

OK, so my main box has it's WAN IP like ..149.5, so for all subnets I should set their default gateway to it in exchange from ..4.121/29 for OPT1 and 192.168.2.1/24 for LAN?

On pfSense you need firewall rule in place on both interfaces to allow the access. On LAN there is an allow-any-to-any rule by default. If you didn't change this, access should work at least from LAN to any device.

Yep, this is in default settings, as it is my "managing" network.

If it doesn't work even though, the access is most likely blocked by the destination device itself. But as you say, the devices are accessible from outside, I suppose that it neither blocks inside access.

Yep, the destination device, client 1 for example, blocked it as it was accessed from local network (Block private networks and loopback addresses - checked on WAN interface)

I assume, access to the internet is working as well from all devices?

Yes, they all have internet access

or from client 1 to client 2 etc.

Do you say, you cannot access client 2 from client 1, but you can access 2 from the internet?
Traffic between these devices should not even pass pfSense. Hence it cannot be blocked by pfSense and since they are within the same L2 network, there no route needed to communicate with each other.

This moment I don't understand clearly but I suppose it should route on same interface right, without bothering pf?

Thanks in advance! :)

Gut733

@gut733
OK, I realized that I am a total noob :D
I connected test client on default pfsense setup in client 1-3 subnet and there is everything ok. I can ping all allowed hosts in the network.

So it brings me to question, why can't I ping from LAN to any client in OPT1 subnet.