Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can only ping one way between VLANS

    General pfSense Questions
    3
    4
    379
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jpone88
      last edited by

      I have been trying to rack my brain on why this stopped working. I was able to ping between VLANS both ways. I have my NAS on 192.168.1.x/24 default LAN. and have my Steaming Devices and AV receivers on VLAN 5 192.168.5.x/24

      I recently added a new second WAN (ISP) connection to my router. I configured both of my WAN'S for load balancing both are set to tier 1. Now all of a sudden my NAS on 192.168.1.X is unable to ping any devices on the 192.168.5.x vlan. I am able to ping the 192.168.5.1 gateway but not able to ping any of the devices. I can ping my NAS from 192.168.5.X vlan. Here are my rules for VLAN 5.

      fa52fe94-570d-4a74-819f-c77d29198220-image.png

      GertjanG stephenw10S 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @Jpone88
        last edited by

        @Jpone88

        All that matters are the firewall rules on LAN, not your VLAN5 interface, the one you've shown.
        Packets are filtered, matched with the rules, on the incoming interface, your NAS is on LAN, 192.168.1.x, so it's the LAN interface rules that are used.
        You might as well remove all rules on your VLAN5 to demo this : the ping will still work.

        Concept of proof : my WAN interface, and probably yours, has no rules - it's empty.
        Still, I can ping the entire planet from a device on my LAN 😊

        @Jpone88 said in Can only ping one way between VLANS:

        I was able to ping between VLANS both ways.

        That's important to know.
        Otherwise I had to add : are the devices you want to ping from LAN allowing that they will send back an echo-reply when the source wasn't their own network ?

        When you 'undo' your remove your second WAN, things start working again ?
        If so, detail how you've set up your second WAN, as I presume "something" was done wrong.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator @Jpone88
          last edited by

          @Jpone88 said in Can only ping one way between VLANS:

          I configured both of my WAN'S for load balancing both are set to tier 1.

          Where did you set that? I don't see a gateway(group) set on the VLAN 5 rules, is it set on the LAN rules?

          You cannot set a load-balancing group as the system default gateway. That can only be a specific gateway or a failover group.

          Steve

          J 1 Reply Last reply Reply Quote 0
          • J
            Jpone88 @stephenw10
            last edited by

            @stephenw10 @Gertjan Issue resolved thank you for you help. The Policy Routing Configuration doc was what I needed to follow.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.