Netgate Discussion Forum
    Rules that allow LAN and OPT1 to access each other

    aldochiu

      Hi!

      I am running pfSense 1.2 with three interfaces: WAN (public IP), LAN (10.0.0.0/24) and OPT1 (10.0.1.0/24).

      Besides the default rules, in the firewall rules of LAN I allow any protocol, any source and any port to and from OPT1, and did the same vice versa in OPT1.

      I was assuming the above setting would allow the PCs connected to the two interfaces to ping each other; however, it seems that something is missing.

      I can't say I am totally new to networking, but without touching it for several years, I would say I am going back to a fresh start!

      Please, anyone give me a hint!

      Many thanks!

      Aldo

        GruensFroeschli

        Can you show a screenshot of your firewall rules?

        Did you make sure that the firewall on the computer to be pinged is disabled?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          aldochiu

          Ohh thanks!

          Here are the firewall rules for OPT1

          And for LAN

          As well as for WAN

          I also double-checked the firewall settings on the local PCs; they are not blocking the traffic I want, and I even turned them off to test.

          Wishes,
          Aldo

            aldochiu

            I think I solved this problem, but I still do not quite understand why.

            I created another firewall rule under the WAN interface to allow the ICMP protocol from any source to the LAN subnet (I am testing on a LAN PC), and then I can ping from LAN to OPT1 without any problem.

            I am thinking I need to add another rule to allow the ICMP protocol from any source to the OPT1 subnet in order to let OPT1 PCs ping LAN PCs?

            So, does it mean the ICMP packets go through the WAN interface at all times, even in my situation of pinging from LAN to OPT1?

              GruensFroeschli

              Your rules are kind of messy.

              http://forum.pfsense.org/index.php/topic,7001.0.html
              The part about rules.

              You should start on all interfaces with a * * * * * * rule (anything from anywhere to anywhere) and then see if it works.
              Then start making the rules more restrictive.

              Rules on the WAN do not affect traffic from LAN to OPTx in any way.

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                mikeisfly

                Yeah, your rules are messy. You have to remember that the first rule on each interface that gets a hit will be run, and everything after that will be ignored. In your LAN rules you have "any protocol from the LAN subnet can go anywhere", so all the other rules on that interface are pointless. The same goes for OPT1. If you get rid of the rest you should be good. Make sure the rest of the computers don't have personal firewalls blocking ICMP packets.

                Good Luck.

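A small model of the per-interface, first-match evaluation that mikeisfly and GruensFroeschli describe, added here as an illustration (it is not code from the thread or from pfSense). The rule sets are constructed from the subnets in the thread; `shadowed_rules` flags rules an earlier rule makes unreachable, and `ping_verdict` shows that a LAN-to-OPT1 ping is judged by the LAN rules alone, so a rule on WAN never sees it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str  # "pass" or "block"
    proto: str   # "any", "icmp", "tcp", ...
    src: str     # CIDR such as "10.0.0.0/24", or "any"
    dst: str

def _contains(cidr, addr):
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def evaluate(rules, proto, src, dst):
    """First matching rule wins; with no match, the interface's implicit default is block."""
    for i, r in enumerate(rules):
        if r.proto in ("any", proto) and _contains(r.src, src) and _contains(r.dst, dst):
            return r.action, i
    return "block", None

def _covers(outer, inner):
    """True if CIDR-or-any `outer` includes every address of `inner`."""
    if outer == "any":
        return True
    return inner != "any" and ip_network(inner).subnet_of(ip_network(outer))

def shadowed_rules(rules):
    """Indices of rules that can never match because an earlier rule already covers them."""
    dead = []
    for i, r in enumerate(rules):
        if any(e.proto in ("any", r.proto) and _covers(e.src, r.src) and _covers(e.dst, r.dst)
               for e in rules[:i]):
            dead.append(i)
    return dead

# Constructed rule sets modelled on the thread (not the poster's actual screenshots).
LAN_RULES = [
    Rule("pass", "any", "10.0.0.0/24", "any"),            # default "LAN net -> any" rule
    Rule("block", "icmp", "10.0.0.0/24", "10.0.1.0/24"),  # shadowed: never reached
]
OPT1_RULES = [Rule("pass", "any", "10.0.1.0/24", "any")]
WAN_RULES = [Rule("pass", "icmp", "any", "10.0.0.0/24")]  # the OP's extra WAN rule
SUBNETS = {"LAN": "10.0.0.0/24", "OPT1": "10.0.1.0/24"}
RULESETS = {"LAN": LAN_RULES, "OPT1": OPT1_RULES, "WAN": WAN_RULES}

def ping_verdict(src, dst):
    """Rules are checked on the interface the packet ENTERS, so WAN rules never see LAN->OPT1."""
    ingress = next((n for n, net in SUBNETS.items() if ip_address(src) in ip_network(net)), "WAN")
    action, idx = evaluate(RULESETS[ingress], "icmp", src, dst)
    return ingress, action, idx
```

The model ignores pfSense's state table: once the first packet is passed, the reply is matched by the existing state, not by a rule on the other interface.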
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.