Netgate Discussion Forum

    Multi-LAN, can't reach NAS on LAN1 from LAN2

    Routing and Multi WAN
    • daspaul

      Hi everyone,

      I'm pretty new to pfSense.

      I have a pfSense 2.0.1 here with 4 NICs, 2 for WAN and 2 for LAN.

      I tried to reach a NAS (which is on the first LAN) with a client from the second LAN.
      For that, I configured a gateway on LAN1 and two firewall rules:
      on LAN2-NIC: 10.10.64.1/18 allowed all ports --> single host 10.10.1.1
      on LAN1-NIC: single host 10.10.1.1 allowed all ports --> 10.10.64.1/18

      I tried an SMB connection as well as a ping from a client on LAN2; both didn't reach the NAS.

      The configuration for the LAN connections is the following:

      LAN1:
      Static IP: 10.10.1.2/18
      DHCP: 10.10.4.1 - 10.10.9.253
      some clients with static IPs (not in the DHCP range)
      NAS with static IP 10.10.1.1

      LAN2:
      Static IP: 10.10.64.1/18
      DHCP: 10.10.66.1 - 10.10.76.253
      some clients with static IPs (not in the DHCP range)

      NAT is set to automatic (yes, I know, not the best choice, that'll be my next step).

      LAN1 and LAN2 both work fine with the two WAN connections.

      Thanks in advance for any hints

      • phil.davis

        For that, I configured a gateway on LAN1

        Both LAN1 and LAN2 are directly connected to pfSense, so it will route between them without having to be told anything. Remove any gateway stuff you put on the LAN(s). Firewall rule(s) on LAN1 and LAN2 to allow traffic you want (initiated from LAN1 and LAN2 respectively) should be all that is needed.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          • daspaul

          Thanks for the answer.

          I deleted the gateway and now have two rules:
          (see attachments)

          LAN1 (named LAN):
          source LAN1
          all protocols
          destination LAN2 (named LAN2DHCP)

          LAN2 (named LAN2DHCP)
          source LAN2 (named LAN2DHCP)
          all protocols
          destination single host 10.10.1.1 (which is at LAN1)

          Could the subnets of both LAN NICs (10.10.1.2/18 and 10.10.64.1/18) cause any trouble, so that the rules won't work?

          Packet capturing shows the following on LAN2 for destination 10.10.1.1:
          12:38:58.889613 IP 10.10.1.1.138 > 10.10.255.255.138: UDP, length 207

          NAS_to_LAN2.png
          LAN2_to_NAS.png
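An added example (not part of any post in the thread): a Python check of the addressing daspaul posted, showing whether the two /18 networks overlap and which prefix length would yield the 10.10.255.255 broadcast seen in the capture line. It assumes the NAS derives its broadcast address from its own netmask; the function names are illustrative.

```python
import ipaddress

# Interface addresses exactly as given in the thread.
LAN1_IF = ipaddress.ip_interface("10.10.1.2/18")
LAN2_IF = ipaddress.ip_interface("10.10.64.1/18")
NAS = ipaddress.ip_address("10.10.1.1")
# Destination of the NAS's UDP/138 datagram in the posted capture line.
CAPTURED_BCAST = ipaddress.ip_address("10.10.255.255")
# First address of the LAN2 DHCP range, used as a sample LAN2 client.
LAN2_CLIENT = ipaddress.ip_address("10.10.66.1")


def subnets_overlap(a, b):
    """True if the networks behind two interface addresses share any address."""
    return a.network.overlaps(b.network)


def prefixes_matching_broadcast(host, bcast):
    """Prefix lengths for which bcast is the directed broadcast of host's network."""
    matches = []
    for plen in range(8, 31):
        net = ipaddress.ip_network(f"{host}/{plen}", strict=False)
        if net.broadcast_address == bcast:
            matches.append(plen)
    return matches


def treats_as_on_link(host, plen, peer):
    """True if a host with this prefix length would ARP for peer directly
    instead of sending the packet to its default gateway."""
    return peer in ipaddress.ip_network(f"{host}/{plen}", strict=False)


if __name__ == "__main__":
    print("LAN1 network:", LAN1_IF.network, "broadcast", LAN1_IF.network.broadcast_address)
    print("LAN2 network:", LAN2_IF.network, "broadcast", LAN2_IF.network.broadcast_address)
    print("LAN1/LAN2 overlap:", subnets_overlap(LAN1_IF, LAN2_IF))
    for plen in prefixes_matching_broadcast(NAS, CAPTURED_BCAST):
        print(f"Broadcast {CAPTURED_BCAST} fits a /{plen} mask on the NAS;",
              "LAN2 client on-link from the NAS's view:",
              treats_as_on_link(NAS, plen, LAN2_CLIENT))
    print("With the intended /18, LAN2 client on-link:",
          treats_as_on_link(NAS, 18, LAN2_CLIENT))
```

If the NAS turns out to use the wider mask, it would treat LAN2 addresses as on-link and never send replies via 10.10.1.2, so the netmask configured on the NAS is worth comparing with the /18 on LAN1.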
            • heper

            Did you fill in the gateway on the NAS device (the webconfig of the NAS itself)?

              • daspaul

              The NAS gateway is set to 10.10.1.2, which is LAN1.

              From any source of LAN1 to the NAS, there's no problem.

              But pfSense still seems not to allow the packets from LAN2 to the NAS.

                • heper

                For that, I configured a gateway on LAN1

                Could you elaborate on that? You didn't enter a gateway on the LAN1/LAN2 interface configuration page, right?
                If you did --> remove it ... only WAN connections need this filled in.
                --> check NAT, because I'm not entirely sure if it will automagically remove the faulty NAT rules that were created when ya added a gateway to your LAN(s).

                I'm not sure what else could be wrong ... the screenshots you provided seem OK to me.
