
    can't ping one direction

    Firewalling
    7 Posts 4 Posters 595 Views
    • tl5k5 (last edited by tl5k5)

      3 posts in 2 days... Am I setting a record?

      Anyway, I have two VLANs, 40 and 1001.
      40 has my domain controller with DHCP. 1001 has workstations.
      The only rules I have on both are allow any protocol from any source to any destination.
      My workstations on 1001 will not connect to DHCP. I tested ping and I can ping from 1001 to 40, but not 40 to 1001. I can only ping the 1001 gateway from a 40 system.
      If I manually plug in an IP address on a 1001 workstation, I can get to the internet.
      For some reason my 40 to 1001 communication is blocked.

      • akuma1x (last edited by akuma1x)

        Put up a screenshot of your VLAN40 rules and your VLAN1001 rules. Mask or black out anything "private" if you need to.

        Jeff

        • viragomann @tl5k5 (last edited by viragomann)

          @tl5k5
          So you want to pull IP settings from the DHCP on the other subnet? Then you have to configure the DHCP relay on pfSense.

          • tl5k5 @akuma1x

            @akuma1x
            Here you go.
            (attached screenshots: Selection_009.png, Selection_007.png, Selection_008.png)

            • akuma1x (last edited by akuma1x)

              @tl5k5 It's generally good practice to set the SOURCE field in your firewall rules as the name of the interface the rule runs on.

              In your case, even though the ALLOW any rules on both interfaces are passing traffic, you might want to set the source(s) to LAN net and VLAN1001 net, respectively. I don't think that's keeping ping traffic from working, however.

              Sometimes, the hosts you're trying to access from different subnets have their own built-in firewalls that keep unwanted traffic out. Have you checked all of that, too?

              Other times, some hosts don't have firewalls, and they can be talked to from different subnets. As an example, I have a bunch of Roku boxes on a STREAM subnet. I can ping these guys all day long from my LAN subnet, simply by using the default allow LAN to any rule.

              Jeff

              • johnpoz (LAYER 8 Global Moderator)

                @akuma1x said in can't ping one direction:

                hosts you're trying to access from different subnets have their own built-in firewalls

                Exactly - this comes up like daily here, to be honest... "Why can I not access the PC on the other VLAN?"

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07 | Lab VMs 2.8, 25.07

                • tl5k5 @akuma1x

                  @akuma1x @johnpoz @viragomann Thank you all. The DHCP relay did trip me up. I normally turn off private firewall on my Windows clients, but didn't on these workstations...so that got me too!
                  I've been my own worst enemy on this config!!! :-\

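The host-firewall point akuma1x raised, and the "turn off the private firewall" fix in the last post, can be handled more narrowly on the workstation itself. The PowerShell below is an added example, not from the thread or from Netgate: it lists the inbound ICMPv4 rules that are currently enabled, then adds a rule that allows echo requests only from the VLAN 40 subnet, so the Private profile can stay on. The subnet 10.0.40.0/24 is a constructed placeholder; the thread does not give the real prefix.

```powershell
# Constructed placeholder for the VLAN 40 (domain controller) subnet.
# Replace with the real prefix before running.
$DcSubnet = '10.0.40.0/24'

# Confirm which Windows Firewall profiles are enabled on this workstation.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# List the enabled inbound ICMPv4 rules and the profiles they apply to.
# With the stock rule set, a Private-profile host usually has no enabled
# echo-request rule, which is why a ping from another subnet gets dropped.
Get-NetFirewallPortFilter -Protocol ICMPv4 |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Profile, Action

# Allow ICMPv4 echo requests (type 8) only from the DC subnet, only on the
# Private profile, instead of disabling the profile altogether.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo from VLAN40' `
    -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $DcSubnet `
    -Profile Private `
    -Action Allow
```

Run from an elevated PowerShell on the workstation; re-run the listing afterwards to confirm the new rule shows up as enabled on the Private profile.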
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.