Multi LAN NIC Woes

jcarmi04

I've been bashing away at this for a few days with little or no luck resolving. Setting up a multi LAN NIC environment (not using a downstream managed router to handle).

Two things I'm struggling with:

1. LAN3 can get WAN access and can LAN(1) access, but LAN(1) cannot ping or reach LAN3

2. If I try to block LAN3 from accessing LAN(1) - whether setting up rules on either LAN, switching IPv4 or 6 or both - I cannot stop the continuous ping from LAN3 reaching LAN(1)

Here are my details:

LAN: 192.168.1.1
LAN3: 192.168.3.1

Routing
Gateways
WAN_DHCP
WAN_DHCP6

LAN Interface is using IPv4 and IPv6 (Track Interface through the WAN)

DHCP Server
Enabled for both (neither static nor DHCP makes a difference)

DNS Forwarder
Enabled for All Interfaces

Firewall
Port Forwarding
WAN rule for Plex

Firewall
Outbound
Auto (2 rules ISAKMP and auto for WAN)

Firewall
Rules
Will copy and paste

WAN

States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
0 /0 B

• RFC 1918 networks * * * * * Block private networks
  0 /31 KiB
• Reserved
  Not assigned by IANA * * * * * Block bogon networks
  0 /1.26 GiB
  IPv4 TCP * * 192.168.1.12 32400 * none NAT plex wan passthrough

LAN

States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
3 /14.82 MiB

• • • LAN Address 443
      80
      22 * * Anti-Lockout Rule
      0 /34 KiB
• Reserved
  Not assigned by IANA * * * * * Block bogon networks
  68 /-651520224 B
  IPv4 * LAN net * * * * none Default allow LAN to any rule
  24 /263.34 MiB
  IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule
  0 /0 B
  IPv4 TCP * * * 53 (DNS) * none

LAN3

States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
0 /37 KiB

• Reserved
  Not assigned by IANA * * * * * Block bogon networks
  0 /0 B
  IPv4 * LAN3 net * LAN net * * none
  0 /0 B
  IPv4 * LAN3 net * LAN2 net * * none
  0 /5.57 MiB
  IPv4 * LAN3 net * * * * none Default allow LAN to any rule
  0 /0 B
  IPv4 TCP * * * 53 (DNS) * none

^^Rule #2 and #3 are rules to block between LANs for LAN3

Rico

Can you please post your settings as screenshots?
That is a total mess to read, I feel dizzy now.

-Rico

jcarmi04

@rico sorry about that! You'll notice I hacked up LAN3's Rules slightly, which was only done for legibility (and if anyone needs to follow this string in the future).

WAN:

LAN:

LAN3:

jcarmi04

@jcarmi04 So, I was able to resolve item #2, but I think it caused an item #3 to spring up (or at least a bug for my server).

I can prevent inter-LAN communication IF I build the rules accordingly:

1. Block LAN3 to LAN(1)
2. Allow LAN3 all

If I do not build the block rule first, pings/etc get through. WTF????

Once built this way, I can use the re-order and it works as expected (i.e., drag LAN3 all above the block rule and pings go through and then drag the block above all and pings stop).

Any thoughts?

(I assume, if I clear my LAN rules and re-add them, this will fix #1 too...but will post when I can pull my LAN down and test.)

jcarmi04

Was hoping to see some other responses, but clearing the rules and re-adding them in a specific order fixed my problem.