Netgate Discussion Forum

    Problem with OPT2 LAN

    General pfSense Questions
      GreatCoveTech

      I have a perplexing issue with pfSense 1.2.3.  I'm not sure if the problem is with the machine or with me.

      I have OPT2 set up for a second LAN.  Client machines on that network are isolated from the main LAN, but are allowed to access the Internet.  The DHCP server in pfSense is also used to give client machines on the OPT2 network their IP addresses.  This setup was working properly for a couple of months after installing pfSense.

      Then a week ago or so, I changed the IP address and subnet of OPT2, and modified the DHCP settings as well to reflect the new network.  Now I cannot access the Internet from any computer connected to OPT2.  I also cannot ping the IP of the OPT2 interface from any of the computers connected to it.  HOWEVER, I AM ABLE to release and renew the IP address on the client machines, and pfSense is giving out addresses from the new pool.

      Although I had not changed any OPT2 firewall rules since it all had been working, I added a rule in the topmost position that allows total access to everything - all asterisks except on the schedule column.  I have also attached a single computer to the OPT2 port to be sure it wasn't a switch problem on that network. It can release and renew the IP address, but that is all the connectivity it has to pfSense or the Internet.

      Under Status > Interfaces, OPT2 shows up, the IP address is correct, and the link light on the card is on. It is not just a DNS issue - I cannot browse or ping to any website even with the IP address only.  I don't see anything being blocked in the firewall status, but so many events show up there (from my other LAN, WAN, etc) that I could be missing it.

      Hopefully it is a simple mistake on my part, but I'm starting to think otherwise.

      Any suggestions?

        wallabybob

        Did you try a firewall state table reset (from Web GUI: Diagnostics -> States click on Reset States tab then click on the Reset button) or a reboot?

          tommyboy180

          Wallabybob is correct. This stumps many people at first.
          Just do a reboot or clear the state. Your pfsense rtr will be working perfect.

          -Tom Schaefer
          SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

          Please support pfBlocker | File Browser | Strikeback

            Eugene

            It would be nice to see from pfSense:

            ```
            ifconfig
            pfctl -sr
            pfctl -sn
            ```

            And from the PC connected to OPT2:

            ```
            ipconfig /all
            ```

            http://ru.doc.pfsense.org

              GreatCoveTech

              Thanks for the responses. I have already cleared the states, and rebooted as well with no improvement.  Eugene: I'll collect the information you requested and include it in a later post.

                jonnyaalgaard.org

                I also have the same problem. Ipconfig from computers at OPT2 is OK, but I am not allowed to ping any IP addresses outside. I have checked my rules but I think they are OK. I have also rebooted my pfSense several times, and I have also tried to use several different subnets at OPT2, but I still cannot access the Internet. I am only getting answers from the OPT2 NIC and my Internet IP address. The green light at the OPT2 NIC lights.
                Both the LAN interface and OPT1 interface work just fine... Is it possible that both my OPT2 interface and GreatCoveTech's Opt3 interface cards are defective? I am using a Realtek card for OPT2.

                  wallabybob

                  jonny@aalgaard.org: Have you added a firewall rule to allow OPT2 to access the internet?

                    jonnyaalgaard.org

                    Yes, I have, wallabybob. The only rule at the Opt2 interface is "allow - Source:Opt2 subnet - Destination:Wan address". No other rules are added to Opt2. I am using pfSense version 1.2.3-RC1.

                      wallabybob

                      An access with source Opt2 Subnet and destination Internet won't match that rule!

                      You need to change destination to * if you want completely open access from OPT2. But I don't know exactly what access you want to allow from Opt2.

                      WAN address is the IP address on the WAN interface. Did you think it meant something else?

                        jonnyaalgaard.org

                        wallabybob! I have changed my rule to "* Opt2 net * * * *". This rule is set to pass. No other rules are added. I want to use the Opt2 NIC for my tenant. I don't want him to have access to my computers, and I also don't want to have access to his computer. I know I have to add more rules to disable access to and from LAN - Opt2 NICs, but I think it is strange that I am not able to get access from the Opt2 NIC to any internet addresses.
                        I thought that my previous rule would gain access to all internet addresses, but I think you're right, and have therefore changed the rule as mentioned. After I changed the rule, I am now getting ping answers from the NIC on OPT2, from my computer at the LAN interface NIC, from my other tenant's computer at OPT1 as well as my internet address. I am not able to ping for example www.cnet.com or cnet's IP 216.239.122.164. I have also reset states, and rebooted my pfSense, but I am stuck!

                          jonnyaalgaard.org

                          I managed to solve the problem by myself. I had forgotten to add an entry to the "Firewall: NAT: Outbound" as I am not using "Automatic outbound NAT rule generation", but the "Manual Outbound NAT rule generation". I am using manual because of PS3 access to online gaming. Thanks a lot for the help anyway. Maybe this issue is the same for GreatCoveTech? I really hope so  8)

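The check behind the fix in the post above, as an added example that is not part of the original thread: with manual outbound NAT, every internal subnet needs its own `nat` entry, and this script reads `pfctl -sn` style output and lists the networks that have none. The interface name `em0`, the subnets, the sample rule lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -sn` output under manual outbound
# NAT: LAN and OPT1 have entries, the OPT2 subnet (10.0.2.0/24) was never added.
SAMPLE_PFCTL_SN = """\
nat on em0 inet from 192.168.1.0/24 to any -> (em0) port 1024:65535 round-robin
nat on em0 inet from 10.0.1.0/24 to any -> (em0) port 1024:65535 round-robin
rdr on em0 inet proto tcp from any to any port = 8080 -> 192.168.1.10 port 80
"""

# Hypothetical internal networks behind the firewall (assumed values).
INTERNAL_NETS = {"LAN": "192.168.1.0/24", "OPT1": "10.0.1.0/24", "OPT2": "10.0.2.0/24"}

# Matches "nat on <if> [inet|inet6] from <src> to <dst> ->"; rdr/binat lines are skipped.
NAT_RE = re.compile(r"^nat on (\S+)(?: inet6?)? from (\S+) to (\S+) ->")

def nat_sources(pfctl_sn, wan_if):
    """Return the source networks that have a nat rule on wan_if."""
    sources = []
    for line in pfctl_sn.splitlines():
        m = NAT_RE.match(line.strip())
        if not m or m.group(1) != wan_if:
            continue
        src = m.group(2)
        if src == "any":
            sources.append(ipaddress.ip_network("0.0.0.0/0"))
            continue
        try:
            sources.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            continue  # table or interface reference; not resolvable offline
    return sources

def missing_outbound_nat(pfctl_sn, wan_if, internal_nets):
    """Names of internal networks not covered by any nat rule on wan_if."""
    covered = nat_sources(pfctl_sn, wan_if)
    missing = []
    for name, cidr in internal_nets.items():
        net = ipaddress.ip_network(cidr)
        if not any(c.version == net.version and net.subnet_of(c) for c in covered):
            missing.append(name)
    return missing

if __name__ == "__main__":
    for name in missing_outbound_nat(SAMPLE_PFCTL_SN, "em0", INTERNAL_NETS):
        print(f"{name}: no outbound NAT rule on em0")
```

A network reported here can still get DHCP leases and ping the firewall, which matches the symptoms described in the thread, because only traffic leaving the WAN interface depends on the NAT entry.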
                            Efonnes

                            Just add rules above that firewall rule to block access to the networks you don't want to be accessed.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.