LAN any to any not working
-
Hello,
First post here, and hopefully someone can tell me what I'm doing wrong.
Initially I had everything I own all crammed onto one network. I am now attempting to go down the rabbit hole of creating VLANs and must have read 100 different pages/threads/examples by now, and am getting frustrated over what should be "simple".
I would like to have 3 networks, 1 LAN and 2 VLANs, which are also all available wirelessly (via a Ubiquiti AC-HD AP and managed switch via the "router on a stick" method).
Through the reading I have done, creating my home LAN and the wireless version of that works fine. Creating an IoT VLAN2 with internet-only access and blocking access to the LAN and its associated wireless seems to work fine, and the LAN can still initiate and ping devices in the IoT VLAN and not the other way around (which is great and what I was going for, although outbound NAT got me hung up for a while as it was in manual mode for some reason).
Here's the kicker: the last VLAN3 I am attempting to configure I would like to have no access to the internet, and only be accessed by the main network, wirelessly or wired. I've managed to get the interface set up, and a DHCP server such that it provides addresses, but no matter what I have tried, I cannot get a ping to go from my LAN to that VLAN under any circumstance. My LAN has ONLY the default rules, including the LAN any to any rule for all protocols. I have attempted to add rules specific for LAN to VLAN3 for any protocol, tried adding the matching rule on the VLAN side, and have read here and in other places about how the firewall functions. I would really like to know which way the rules work, as I have seen it both ways (the rule has to be on the outgoing interface, and the rule has to be on the incoming interface). Which is it, or is it both in my case?
I could potentially provide screenshots, but this seems like it should be really straightforward, and the LAN any to any rule should cover what I am attempting?
Thanks,
Eric
Edit:
After some more reading I saw some suggestions about pinging from the tool within pfSense and tried that: from the same interface it works, from the LAN interface it does not.
-
Rules have to be set on the incoming interface.
@goldenwings said in LAN any to any not working:
After some more reading I saw some suggestions about pinging from the tool within pfSense and tried that: from the same interface it works, from the LAN interface it does not.
This mostly has one of these two reasons:
- Wrong network settings on the destination device or on the pfSense interface, e.g. no gateway set on the device.
- The destination device itself blocks the access because of its firewall.
I assume the gateway settings should be fine, since they are set by DHCP. However, maybe the device has no gateway option?
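To make the "rules go on the incoming interface" point concrete, here is a small Python model of pfSense's rule evaluation for the three-network setup described in this thread. It is an added illustration, not pfSense code or anything from the thread; the subnets, interface names and rule set are assumptions, and it models only what pfSense decides, so a host firewall on the destination (as in this case) can still drop the ping after pfSense has passed it.

```python
from ipaddress import ip_address, ip_network

# Constructed sample subnets for the three networks discussed in the thread.
NETS = {
    "LAN": ip_network("192.168.1.0/24"),    # trusted home network
    "VLAN2": ip_network("192.168.2.0/24"),  # IoT: internet only
    "VLAN3": ip_network("192.168.3.0/24"),  # isolated: reachable from LAN only
}

# Rules as (ingress interface, action, destination). pfSense evaluates them on
# the interface the packet ENTERS, top to bottom, first match wins.
RULES = [
    ("LAN", "pass", "any"),      # the default "LAN any to any" rule
    ("VLAN2", "block", "LAN"),   # IoT may not initiate to LAN...
    ("VLAN2", "block", "VLAN3"),
    ("VLAN2", "pass", "any"),    # ...but may reach the internet
    # VLAN3 carries no rules at all: pfSense's implicit default deny applies.
]
STATES = set()  # state table: (src, dst) of connections already passed

def ingress_iface(src):
    """Interface a packet from src enters pfSense on."""
    for name, net in NETS.items():
        if ip_address(src) in net:
            return name
    raise ValueError(f"no local interface for {src}")

def dst_matches(rule_dst, dst):
    return rule_dst == "any" or ip_address(dst) in NETS[rule_dst]

def evaluate(src, dst):
    """Verdict for a NEW connection src -> dst, using only ingress rules."""
    iface = ingress_iface(src)
    for rule_iface, action, rule_dst in RULES:
        if rule_iface == iface and dst_matches(rule_dst, dst):
            return action
    return "block"  # nothing matched: implicit default deny

def send(src, dst):
    """Evaluate a new connection and, if passed, create its state entry."""
    verdict = evaluate(src, dst)
    if verdict == "pass":
        STATES.add((src, dst))
    return verdict

def reply_allowed(src, dst):
    """Replies ride on the existing state, so the replying host's interface
    (e.g. VLAN3 with no rules) needs no rule of its own for the echo reply."""
    return (dst, src) in STATES
```

LAN to VLAN3 passes on the LAN rule alone and the echo reply returns via the state entry, while VLAN3 cannot initiate anything, not even to the internet, because it has no pass rule.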
-
You were absolutely correct about the firewall. This was a Windows 10 PC that I put on that network and just assumed (I know, my bad) that it wouldn't be a problem. After turning that off, the pings went through just fine. In addition, pings from other devices on the LAN also return. Thanks for your suggestion.