VLAN, LAN can ping trunk, cannot ping any devices
-
OK, in my home lab, I built a brand new PFsense 2.6
configured WAN, LAN, OPT1Out of the box, LAN has internet , OPT1 does not...
added rule for Opt1, now it has internet.No pinging from LAN to OPT1 devices or OPT1 to LAN devices
added a rule on LAN to pass traffic to OPT1
added a rule on OPT1 to pass traffic to LANIt works and can access either direction......
must be something wrong with original PFsense that i have been trying...
that's my only conclusion.... extremely frustrating....only other difference is on original not working right, I have openVPN and IPSEC tunnels..
I need a drink!!!!!!
-
@brianjmc1 Oh, Maybe you have overlapping subnets on the VPN's?
How about any policy routing?
Did you try the packet capture? -
If you do not have VLANs, you have no need for a trunk. You should use access ports on your switch instead.
-
no VLANS, 2x LANS, two different physical networks off of 2x interfaces....
Wan, LAN, OPT1
thanks,
Brian -
Yeah, that's how I understood that. But, how do you connect pfSense to your network? The issue seems to be with that connection, not pfSense. How's your switch configured?
-
@kjk54 sorry, my misunderstanding!!!!
I have two physical not connected, dumb LANS - best way i can say it...
Switch one connects to LAN and connects most devices
Switch two connects to OPT1 and then connects a security camera systemTrying to keep all traffic of OPT1 from getting to LAN...
My PFsense has 4 physical ports WAN, LAN, OPT1, OPT2(not used)
-
2 unmanaged switches?
-
Yes, sir
-
I've reread your post. Do I understand it correctly, that now your issue is that the OPT1 network can access the LAN network?
-
Original pfsense, lan cannot access opt1, opt1 cannot access lan
Little while ago setup a brand new pfsense.... after adding opt1 rule for internet and lan access opt1, and opt1 access lan, it works, so issue with original pfsense...
Thanks,
Brian -
I'm having difficulties understanding the issue. It would help if you do not compare some setups, but just say what the issue is with the current setup.
-
please see message #7 for the issue....
thanks! -
@brianjmc1 Did you do the packet capture?
-
#7?
'OK, in my home lab, I built a brand new PFsense 2.6
configured WAN, LAN, OPT1Out of the box, LAN has internet , OPT1 does not...
added rule for Opt1, now it has internet.No pinging from LAN to OPT1 devices or OPT1 to LAN devices
added a rule on LAN to pass traffic to OPT1
added a rule on OPT1 to pass traffic to LANIt works and can access either direction......
must be something wrong with original PFsense that i have been trying...
that's my only conclusion.... extremely frustrating....only other difference is on original not working right, I have openVPN and IPSEC tunnels..
I need a drink!!!!!!"
Well, saying it is "not working right" doesn't say much. I think I need to say bye. Sorry.
-
@brianjmc1 said in VLAN, LAN can ping trunk, cannot ping any devices:
Newbie screwed up terminology - sorry about that!!!!
No VLAN, I have WAN, LAN and LAN2, on three of the interfaces... Two physical different LANSI want LAN to be able to pass traffic to LAN2. I do not want LAN2 to be able to pass traffic to LAN.
again, setting up security cameras on LAN2 and want to keep any traffic out of LAN. I do want to be able to access the cameras, that's why I want LAN to be able to pass traffic to LAN2.
Currently LAN can ping LAN2 trunk only(no devices on LAN2).
Lan2 can ping LAN only trunk(no devices on LAN).@kjk54 -this is the issue - sorry, understand and thanks for your help!!!!
-
@Jarhead @kjk54
Thank you BOTH for taking time and helping out....I finally found the issue, used backup\restore to my test duplicate setup....
There is a IPSEC VPN tunnel that is grabbing 192.168.0.0/16 traffic. Once I disable the VPN, everything is working... So I need to change LAN2(or OPT1) to a different class C address away from 192.168...
Thanks again, really appreciate the help!!!!!!
Brian