VLAN, LAN can ping trunk, cannot ping any devices

brianjmc1

No firewall on laptop, only for me to get at the other side for testing. Maybe it needs a reboot...

Thanks,
brian

Jarhead

@brianjmc1 Start using the packet capture in that case.
Filter it to pings from the laptops IP, start it on the LAN interface and do a ping from the laptop to LAN. See if the requests are getting to the LAN and the device is replying. Then start it on the LAN2 side and see if the replies are getting through.

brianjmc1

OK, in my home lab, I built a brand new PFsense 2.6
configured WAN, LAN, OPT1

Out of the box, LAN has internet , OPT1 does not...
added rule for Opt1, now it has internet.

No pinging from LAN to OPT1 devices or OPT1 to LAN devices
added a rule on LAN to pass traffic to OPT1
added a rule on OPT1 to pass traffic to LAN

It works and can access either direction......

must be something wrong with original PFsense that i have been trying...
that's my only conclusion.... extremely frustrating....

only other difference is on original not working right, I have openVPN and IPSEC tunnels..

I need a drink!!!!!!

Jarhead

@brianjmc1 Oh, Maybe you have overlapping subnets on the VPN's?
How about any policy routing?
Did you try the packet capture?

A Former User

@brianjmc1

If you do not have VLANs, you have no need for a trunk. You should use access ports on your switch instead.

brianjmc1

no VLANS, 2x LANS, two different physical networks off of 2x interfaces....

Wan, LAN, OPT1

thanks,
Brian

A Former User

@brianjmc1

Yeah, that's how I understood that. But, how do you connect pfSense to your network? The issue seems to be with that connection, not pfSense. How's your switch configured?

brianjmc1

@kjk54 sorry, my misunderstanding!!!!

I have two physical not connected, dumb LANS - best way i can say it...

Switch one connects to LAN and connects most devices
Switch two connects to OPT1 and then connects a security camera system

Trying to keep all traffic of OPT1 from getting to LAN...

My PFsense has 4 physical ports WAN, LAN, OPT1, OPT2(not used)

A Former User

@brianjmc1

2 unmanaged switches?

brianjmc1

Yes, sir

A Former User

@brianjmc1

I've reread your post. Do I understand it correctly, that now your issue is that the OPT1 network can access the LAN network?

brianjmc1

Original pfsense, lan cannot access opt1, opt1 cannot access lan

Little while ago setup a brand new pfsense.... after adding opt1 rule for internet and lan access opt1, and opt1 access lan, it works, so issue with original pfsense...

Thanks,
Brian

A Former User

@brianjmc1

I'm having difficulties understanding the issue. It would help if you do not compare some setups, but just say what the issue is with the current setup.

brianjmc1

please see message #7 for the issue....
thanks!

Jarhead

@brianjmc1 Did you do the packet capture?

A Former User

@brianjmc1

#7?

'OK, in my home lab, I built a brand new PFsense 2.6
configured WAN, LAN, OPT1

Out of the box, LAN has internet , OPT1 does not...
added rule for Opt1, now it has internet.

No pinging from LAN to OPT1 devices or OPT1 to LAN devices
added a rule on LAN to pass traffic to OPT1
added a rule on OPT1 to pass traffic to LAN

It works and can access either direction......

must be something wrong with original PFsense that i have been trying...
that's my only conclusion.... extremely frustrating....

only other difference is on original not working right, I have openVPN and IPSEC tunnels..

I need a drink!!!!!!"

Well, saying it is "not working right" doesn't say much. I think I need to say bye. Sorry.

brianjmc1

@brianjmc1 said in VLAN, LAN can ping trunk, cannot ping any devices:

Newbie screwed up terminology - sorry about that!!!!
No VLAN, I have WAN, LAN and LAN2, on three of the interfaces... Two physical different LANS

I want LAN to be able to pass traffic to LAN2. I do not want LAN2 to be able to pass traffic to LAN.

again, setting up security cameras on LAN2 and want to keep any traffic out of LAN. I do want to be able to access the cameras, that's why I want LAN to be able to pass traffic to LAN2.

Currently LAN can ping LAN2 trunk only(no devices on LAN2).
Lan2 can ping LAN only trunk(no devices on LAN).

@kjk54 -this is the issue - sorry, understand and thanks for your help!!!!

brianjmc1

@Jarhead @kjk54
Thank you BOTH for taking time and helping out....

I finally found the issue, used backup\restore to my test duplicate setup....

There is a IPSEC VPN tunnel that is grabbing 192.168.0.0/16 traffic. Once I disable the VPN, everything is working... So I need to change LAN2(or OPT1) to a different class C address away from 192.168...

Thanks again, really appreciate the help!!!!!!
Brian