Netgate Discussion Forum

Problem with OPT2 LAN

    wallabybob
    last edited by Feb 24, 2010, 11:35 PM

    Did you try a firewall state table reset (from Web GUI: Diagnostics -> States click on Reset States tab then click on the Reset button) or a reboot?

      tommyboy180
      last edited by Feb 25, 2010, 1:03 AM

      Wallabybob is correct. This stumps many people at first.
      Just do a reboot or clear the states. Your pfSense rtr will be working perfectly.

      -Tom Schaefer
      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

        Eugene
        last edited by Feb 25, 2010, 6:36 AM

        It would be nice to see from pfSense:
        ```
        ifconfig
        pfctl -sr
        pfctl -sn
        ```
        And from the PC connected to OPT2:
        ```
        ipconfig /all
        ```

        http://ru.doc.pfsense.org

          GreatCoveTech
          last edited by Feb 25, 2010, 5:17 PM

          Thanks for the responses. I have already cleared the states, and rebooted as well with no improvement.  Eugene: I'll collect the information you requested and include it in a later post.

            jonnyaalgaard.org
            last edited by Feb 28, 2010, 10:31 PM

            I also have the same problem. Ipconfig from computers at Opt2 is OK, but I am not allowed to ping any IP addresses outside. I have checked my rules but I think they are OK. I have also rebooted my pfSense several times, and I have also tried to use several different subnets at Opt2, but I still cannot access the internet. I am only getting answers from the OPT2 NIC and my internet IP address. The green light at the Opt2 NIC is lit.
            Both the LAN interface and OPT1 interface work just fine… Is it possible that both my Opt2 interface and GreatCoveTech's Opt3 interface cards are defective? I am using a Realtek card for OPT2.

              wallabybob
              last edited by Feb 28, 2010, 11:47 PM

              jonny@aalgaard.org: Have you added a firewall rule to allow OPT2 to access the internet?

                jonnyaalgaard.org
                last edited by Mar 1, 2010, 7:04 AM

                Yes, I have, wallabybob. The only rule at the Opt2 interface is "allow - Source:Opt2 subnet - Destination:Wan address". No other rules are added to Opt2. I am using pfSense version 1.2.3-RC1.

                  wallabybob
                  last edited by Mar 1, 2010, 7:35 AM Mar 1, 2010, 7:30 AM

                  An access with source Opt2 Subnet and destination Internet won't match that rule!

                  You need to change destination to * if you want completely open access from OPT2. But I don't know exactly what access you want to allow from Opt2.

                  WAN address is the IP address on the WAN interface. Did you think it meant something else?

                    jonnyaalgaard.org
                    last edited by Mar 1, 2010, 12:07 PM

                    wallabybob! I have changed my rule to "* Opt2 net * * * *". This rule is set to pass. No other rules are added. I want to use the Opt2 NIC for my tenant. I don't want him to have access to my computers, and I also don't want to have access to his computer. I know I have to add more rules to disable access to and from the LAN and Opt2 NICs, but I think it is strange that I am not able to get access from the Opt2 NIC to any internet addresses.
                    I thought that my previous rule would give access to all internet addresses, but I think you're right, and I have therefore changed the rule as mentioned. After I changed the rule, I am now getting ping answers from the NIC on OPT2, from my computer at the LAN interface NIC, from my other tenant's computer at OPT1, as well as from my internet address. I am not able to ping, for example, www.cnet.com or cnet's IP 216.239.122.164. I have also reset the states and rebooted my pfSense, but I am stuck!

                      jonnyaalgaard.org
                      last edited by Mar 1, 2010, 12:30 PM

                      I managed to solve the problem by myself. I had forgotten to add an entry to "Firewall: NAT: Outbound", as I am not using "Automatic outbound NAT rule generation" but "Manual Outbound NAT rule generation". I am using manual because of PS3 access to online gaming. Thanks a lot for the help anyway. Maybe this issue is the same for GreatCoveTech? I really hope so  8)

                        Efonnes
                        last edited by Mar 1, 2010, 7:36 PM

                        Just add rules above that firewall rule to block access to the networks you don't want to be accessed.

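A check for the two misconfigurations this thread ran into (a pass rule whose destination is the WAN address instead of any, and a missing entry under manual outbound NAT), as an added example that is not part of any post above. The rule text is constructed sample output in the style of `pfctl -sr` and `pfctl -sn`; the interface names, subnets and the 203.0.113.10 WAN address are assumptions.

```python
import ipaddress
import re

# Constructed sample rule text (not taken from the thread). Assumed layout:
# rl0 = WAN (203.0.113.10), LAN/OPT1/OPT2 = 192.168.1-3.0/24.
PFCTL_SN = """\
nat on rl0 inet from 192.168.1.0/24 to any -> (rl0) round-robin
nat on rl0 inet from 192.168.2.0/24 to any -> (rl0) round-robin
"""
PFCTL_SR = """\
pass in quick on rl1 inet from 192.168.1.0/24 to any keep state
pass in quick on rl2 inet from 192.168.2.0/24 to any keep state
pass in quick on rl3 inet from 192.168.3.0/24 to 203.0.113.10 keep state
"""
SUBNETS = {"LAN": "192.168.1.0/24", "OPT1": "192.168.2.0/24", "OPT2": "192.168.3.0/24"}

# Only rules written in the explicit "from <src> to <dst>" form are examined.
RULE = re.compile(r"^(nat|pass)\b.*?\bfrom (\S+) to (\S+)")

def parse(text, action):
    """Return (source, destination) pairs for rules with the given action."""
    matches = (RULE.match(line.strip()) for line in text.splitlines())
    return [(m.group(2), m.group(3)) for m in matches if m and m.group(1) == action]

def covers(rule_src, subnet):
    """True if the rule source is 'any' or a network that contains subnet."""
    if rule_src == "any":
        return True
    try:
        rule_net = ipaddress.ip_network(rule_src, strict=False)
        return ipaddress.ip_network(subnet).subnet_of(rule_net)
    except (ValueError, TypeError):
        return False  # table, alias or interface reference: not evaluated here

def diagnose(subnets, sr_text, sn_text):
    """Map each internal network to the reasons it cannot reach the Internet."""
    nats, passes = parse(sn_text, "nat"), parse(sr_text, "pass")
    findings = {}
    for name, net in subnets.items():
        problems = []
        if not any(covers(src, net) for src, _ in nats):
            problems.append("no outbound NAT rule")
        if not any(covers(src, net) and dst == "any" for src, dst in passes):
            problems.append("no pass rule to any destination")
        findings[name] = problems
    return findings

if __name__ == "__main__":
    for name, problems in diagnose(SUBNETS, PFCTL_SR, PFCTL_SN).items():
        print(name, "OK" if not problems else "; ".join(problems))
```
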