DMZ interface has internet but LAN1 interface doesn't

johnpoz

@jarhead exactly - I would expect to see hits if trying to use the internet - even if it didn't work..

Get a ping going to 8.8.8.8 for example - your icmp rule should show traffic, etc.

Here I added a specific rule for icmp, and then started a ping.. Then checked my lan rules, refresh the page or go to something else and then come back.. Even if the ping didn't work you should see some traffic on it

Stef_R

Thanks all for the fast replies! :-)

Yes, I'm sure I'm connected to the LAN1 network because thats the interface I use to connect to the pfSense GUI.
My laptop has a static IP address (172.16.10.10) and the DHCP Server is disabled for the LAN1 interface.

As the screenshots show, I can ping my laptop's IP address from the pfSense menu and get a reply.
I also see data showing at the firewall rules.
This is as expected I think.

However, I can aqlso ping to the LAN1 interface (172.16.10.1) from my laptop to the pfSence firewall, but don't see any traffic added on the firewall rules section...

After this, the states are 0/960B.
When I do a return ping from my laptop, I get a reply back, but the states are unchanged, no matter how many ping commands I send out.

johnpoz

@stef_r 15ms response from your local pfsense.. That seems really freaking insane high for a local network, even if you were wireless to be honest..

The lan1 rule wouldn't be counted if you were pinging from pfsense to the lan device.. Rules are evaluated as traffic enters an interface from the network its attached too.. You could ping 1000 times to lan device from pfsense, that rule would not be evaluated.

Jarhead

@stef_r
Are you plugging directly into pfSense?
Did you enable the default Any rule?

johnpoz

@jarhead also odd is look at the first ping - normal or closer to normal 4ms, 1ms and from pfsense sub 1ms - and then drastic increase.. Something not right for sure.

Stef_R

I agree that something weird is going on here...

@jarhead said in DMZ interface has internet but LAN1 interface doesn't:

@stef_r
Are you plugging directly into pfSense?
Did you enable the default Any rule?

Yes. I have a direct cable connection (CAT8) from the laptop to the pfSense router.
At first, I disabled the default Any Rule but even after enabling it, ping results still not stable, meaning sometimes I get two-in-a-row ping results from <1mS but the next one is 9mS and the last one again around 15mS.

Next rond results are vary very much.

After enabling the WIFI interface and setup the firewall rules as I did with the DMZ interface and ruleset, I get consistent ping results of <1mS and I also see the normal WiFi icon in my Windows taskbar with only one bar of connection, so the WiFi speed is perfect for the distance of the router.

johnpoz

@stef_r said in DMZ interface has internet but LAN1 interface doesn't:

After enabling the WIFI interface

This interface is a wifi interface in pfsense? Yeah that not a good setup to be honest, freebsd and wifi just not a good mix at all. You would be better off buying whatever cheap 20$ wifi router you can find on amazon and just using it as AP to be honest.

is your test device connected to both wifi and wire at the same time?

Stef_R

@johnpoz Thanks, but in fact it is exactly what you describe.

I have just named the interface "WIFI" myself and don't use any WiFi functions of pfSense / FreeBSD.
The router I have connected is an old Synology RT1900AC set up as wireless access point. :-)

johnpoz

@stef_r ok that is better.. Your using it as a true AP, not double natting. Ie you connect it your network with with one of its lan ports, disable its dhcp server.. Gave its gui an IP on your network so you can access its gui?

For testing of your firewall and its rules, etc. I would take wifi out of the equation. Connect device directly to pfsense interface or via a switch, etc.

That you pinging pfsense IP and not seeing anything on the rules - that would have me think you were actually pinging maybe the wifi routers IP, etc.

Stef_R

don't beat my drawing skills because I've worked very hard on it (ha ha just kidding!) but here is a small drawing on how I have (or want to) set my network.

With only one small difference:
At the moment I haven't connected my Cisco router between my PC and pfSense firewall, so there is a plain, straight UTP cable without any switch or router in between.