Multi LANs Cannot ping each other
-
Pfsense 3 physical ports 1 virtual (for OpenVPN bridging purposes)
1) 172.16.0.1/16 Main LAN
2) 172.18.0.1/16 Wireless LAN
3) 192.168.2.1/24 Specific Server
4) (Virtual Device no address for VPN use only)I have the VPN device (virtual) bridged with the physical 192.168.2.1/24. The trouble I have is if I ping the server on the physical 192.168.2.1/24 (the address is 192.168.2.20) from the PFSense firewall I see the connection. If I look on my ARP table I see the servers address. I can ping the physical port from any of the LANs (ex. ping 192.168.2.1 from the Wireless LAN address)But if I try to ping from a device on the MainLAN(172.16.0.1/16) or Wireless LAN(172.18.0.1/16) I get no response to the server 192.168.2.20. I have rules in place at the top (PASS> IPv4>Protocal: ANY > Source: ALL > Destination: ALL) under the wireless LAN (172.18.0.1/16), Specific Server (192.168.2.1/24), and virtual Device. I don't know what to enable or do to allow specifically my Wireless LAN to communicate with the virtual and specific server devices. Please help!
-
And what about firewall on devices in your lan.. Windows for example out of the box is not going to allow ping from devices not on its network.
Really a /16 mask? So plan on having 65k some devices on these networks?
As to some vpn device bridged?? Huh?
-
Thanks for responding johnpoz I have enabled the firewall rule for incoming ICMP (IPv4 and IPv6) on another computer on the Server LAN (192.168.2.1/24 specifically 192.168.2.131). I can ping this device from PFSense if I set the Source Address to the Server LAN. Otherwise I cannot ping this computer from the Main LAN or Wireless LAN.
Secondly yes I know /16 address is overkill :D. It is for a small business that wants to divide hundreds of devices (wired/wireless) to different subnets for organization (ex. wireless guest 172.18.1.X and wireless domain users 172.18.2.X).
Thirdly I have a OpenVPN TAP connection to a virtual device that is bridged to the physical Server LAN. This ensures if I connect a person via VPN I can have an IP address on the Server LAN. This provides the server to directly reply to the device. This is a special old network server.
I hope this helps key you into my config.
-
So you have some sort of bridge and your trying to ping from other opt networks to this bridge network? What firewall rules do you have on this bridge interface? How exactly did you setup the bridge?
What sort of virtual device?? can wireless 172.18.0.? Ping something on 172.16.0.?
How exactly are they going to subnet these networks down.. What does that have to do with pfsense having a /16 mask on its actual interface??? That makes no sense at all..
-
Sorry for the confusion. I have 3 physical ports configured to 3 interfaces.
Main LAN(172.16.0.1) DHCP
Wireless LAN(172.18.0.1) DHCP
Specific Server LAN(192.168.2.1) no DHCP
I also have an OPT interface with no address for the VPN to use. *I followed the OpenVPN TAP how to. Which said to create a OPT interface and bridge it with the interface you want the IP addresses to show up on.I then under the interfaces tab bridged the Specific Server LAN and the OPT interface. Now to the rules…. I have rules on each interface Main LAN, Wireless LAN, Specific Server LAN, and OPT interface as the TOP rule to: PASS> IPv4>Protocal: ANY > Source: ALL > Destination: ALL. Now with that there is no other interface(s) listed under the rules tab except WAN and OpenVPN. Now I can ping any address from Main LAN to Wireless LAN and vice versa (172.16.0.X ping 172.18.0.X and 172.18.0.X ping 172.16.0.X) with no issues. The only issue I have is if I try to ping the Server LAN from either the Main LAN or Wireless LAN. I have 2 devices currently on the Server LAN address 192.168.2.20 and 172.168.2.131, both are configured to allow incoming pings. Now if I go under the diagnostics page on PFSense and use the PING tool I can ping the two devices on the Server LAN IF I set the source address to the Server LAN.
