Allow Traffic Between Two Interfaces



  • I have 4 interfaces on my pfSense device.
    I want two of them to freely access each other.

    INT1 = 192.168.4.1/24
    INT2 = 192.168.5.1/24

    When an app in 192.168.5.9 listens on port 80, I can't access it from 192.168.4.2.
    I have rules allowing traffic from INT1 to INT2 and vice versa. Both allow traffic from each other on ALL protocols.
    What am I missing? I also don't have "block traffic from private addresses" checked.

    Please advise


  • LAYER 8 Global Moderator

    well you only need the rules on the interface the traffic would first hit pfsense.

    You sure the host your wanting to get to is not running a software firewall on it?

    Post up your rules..



  • As I always confuse about which interface should have the rules, I set in both.

    So for example in my case, which one is the one hits first that you say it should have rules only?

    See attachment for my rules. Also non of the parties have software firewall in place





  • LAYER 8 Global Moderator

    is that all of your rules.  Where do clients get dns from?  I don't see any rules that would allow dns?

    So your wireless interface when would there ever be traffic hitting wireless interface in pfsense from myserver net??  So those rules are useless and pointless

    Same goes on your myserver interface.  When would traffic from wireless ever hit myserver interface in pfsense?

    Where is the traffic going to be generated at.  This is the interface the rules are created to either allow or block specific traffic, etc.

    So something on wireless net wants to talk to anything outside of wireless net it has to send that traffic to pfsense interface in wireless which is its gateway to get off wireless net.  So this is where you would place the rules - and answer to that traffic would be allowed by the state created.  So the return traffic needs no rules.

    so
    INT2 = 192.168.5.1/24

    So some machine lets call it 192.168.5.100 wants to talk to some box on 192.168.4 – the 192.168.5.1 interface needs the rule to allow that traffic.



  • Wireless is the 192.168.5.1/24
    MyServer is 192.168.4.1/24

    I want any application from Wirelss NET to access apps in MyServer and MyServer to connect to ports open in Wireless Net.

    About rules, yes, some of them might be redundant, useless, pointless. But I'm desperate. I want to add allow rules to all interfaces as much as possible to just get this working, then I will remove the pointless ones. But I can't. I'm sure none of my "allow" rules are causing this to not to work. First I need to see 192.168.4.8 connecting to 192.168.5.10 on port 80.



  • For testing purposes, you only need one rule on each internal interface: Allow All to Any, like this:



  • LAYER 8 Global Moderator

    your 3rd rule on your myserver net say any any to wireless net.  But I show no hits on it..

    Your wireless net rule says any tcp to myserver net but again NO Hits on it..  So is pfsense not the gateway for these networks?  Or you would see hits on those rules!!


Log in to reply