Netgate Discussion Forum

    Trouble Routing traffic between servers on two physical LANs (Interfaces)

      starshooter10

      *I will note I run a number of clubs like this, all are identical.

      Here's what I want to do:
      I have a number of nightclubs with a client-server Point of Sale system that bookmarks transactions in the surveillance DVR.
      To meet compliance the POS system must be on a separate network.
      I want to keep my surveillance on its own LAN (read below) but I want to open the firewall (NAT?) to allow data to pass from one physical interface (LAN) to another. (DVR to POS server)
      I also need to allow the manager's PC to access the DVR, but I'm guessing it uses the same method.

      Here's what I have:
      SuperMicro based pfSense (currently 2.3.1)
      Dual onboard for WAN (two tier gateway group for failover based on member down, works fine)
      - Static for the main WAN
      - DHCP to the 4G gateway.

      Add-in Intel i350-t4:
      POS LAN with POS server 192.168.140.1/24
      Security network, mostly IP cams 192.168.141.1/24
      Club network (DJ and managers use this) 192.168.142.1/24
      Guest LAN (unsecured WLAN) 192.168.143.1/24

      The important boxes are all set up with aliases.

      I've tried all kinds of firewall rules, even all to all.
      I've tried NAT, but don't think I was doing that right...

      Here's an example of what I've tried, this was on LAN1 and LAN2

      Rules (Drag to Change Order)
      States          Protocol  Source                  Port  Destination       Port  Gateway  Queue  Schedule  Description
      0 /0 B          IPv4 *    192.168.140.0/24        *     192.168.141.0/24  *     *        none             TEST
      0 /17 KiB       IPv4 *    192.168.141.0/24        *     192.168.140.0/24  *     *        none             TEST
      0 /0 B          IPv4 *    POS Server              *     DVR3VR            *     *        none
      0 /0 B          IPv4 *    Manager                 *     DVR3VR            *     *        none
      0 /0 B          IPv4 *    DVR3VR                  *     POS Server        *     *        none
      0 /0 B          IPv4 *    DVR3VR                  *     Manager           *     *        none
      0 /0 B          IPv6 *    OFFICE_DVR_LAN_141 net  *     *                 *     *        none             Default allow LAN IPv6 to any rule
      49 /157.78 GiB  IPv4 *    OFFICE_DVR_LAN_141 net

        starshooter10

        Do I need to set up a Static Route?

        https://doc.pfsense.org/index.php/Static_Routes

          johnpoz LAYER 8 Global Moderator

          pfSense will automatically route between networks, be they physical interfaces or VLANs. The only thing you have to do is create firewall rules on the optX interfaces you bring up.

          You seem to be creating rules on your LAN for these other networks??  What rules did you put on the other networks' interfaces?

          Post pictures btw of your rules - so much easier to read ;)

          Rules are evaluated as the traffic enters an interface from the network towards pfSense.
          First rule to trigger wins.
          No other rules are evaluated.
          If no rules trigger then deny (default not shown deny rule).

          I would suggest while you test you just create an any any rule on your new network interfaces.  Then start restricting traffic, etc.

          Keep in mind that hosts can be running their own local firewall. Windows out of the box, for example, if on 192.168.1/24 would not allow access from 192.168.2/24… So while you can route and allow the traffic on pfSense - you still may need to config any local firewall rules you're running to allow the access from these other networks.

          Your IP cameras -- do they have a gateway set?  Are they DHCP or static?  If a device does not talk back to pfSense as its gateway to get off its local network, then no, you would not be able to talk to it from another network - it would not have internet access, etc.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1
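
The evaluation order described in the reply above, as an added example that is not part of the original thread and is not pfSense code: a small Python model of per-interface, first-match rule lookup with the hidden default deny, for the first packet of a new connection. The interface names (POS, SECURITY, CLUB) and the host addresses are constructed for illustration; only the /24 networks come from the question.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    iface: str   # interface tab the rule is defined on (names are hypothetical)
    action: str  # "pass" or "block"
    src: str     # CIDR, single address, or "any"
    dst: str

def _hit(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, ingress, src, dst):
    """Decide a new connection: only rules on the interface the packet enters
    are read, top down; the first match wins; no match means default deny."""
    for r in rules:
        if r.iface == ingress and _hit(r.src, src) and _hit(r.dst, dst):
            return r.action
    return "block"

# Constructed host addresses inside the networks listed in the question.
POS_SERVER, DVR, MANAGER, DJ = "192.168.140.10", "192.168.141.10", "192.168.142.10", "192.168.142.20"
POS_NET, SEC_NET = "192.168.140.0/24", "192.168.141.0/24"

# Both directions on the POS tab: rule 2 never matches, 141.x traffic enters on SECURITY.
ONE_TAB = [
    Rule("POS", "pass", POS_NET, SEC_NET),
    Rule("POS", "pass", SEC_NET, POS_NET),
]

# Each rule on the interface its source network is attached to.
PER_INTERFACE = [
    Rule("SECURITY", "pass", DVR, POS_SERVER),
    Rule("CLUB", "pass", MANAGER, DVR),
    Rule("CLUB", "block", "any", SEC_NET),  # below the manager pass, so it only stops other hosts
    Rule("CLUB", "pass", "any", "any"),
]

def demo():
    return {
        "one tab, DVR -> POS server": evaluate(ONE_TAB, "SECURITY", DVR, POS_SERVER),
        "per interface, DVR -> POS server": evaluate(PER_INTERFACE, "SECURITY", DVR, POS_SERVER),
        "per interface, manager -> DVR": evaluate(PER_INTERFACE, "CLUB", MANAGER, DVR),
        "per interface, DJ -> DVR": evaluate(PER_INTERFACE, "CLUB", DJ, DVR),
    }

if __name__ == "__main__":
    print(demo())
```

In the second rule set the POS interface has no rules at all, so anything the POS network initiates is dropped by the default deny, while replies to connections the DVR opened are still let through by the firewall's state table.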
