Ping loss LAN interface and WAN interface



  • Hi all,

    I installed a new pfSense server with 2 network ports; this is my config:

    LAN interface:
    IP address: 10.10.1.1
    mask: 255.255.255.0

    WAN interface:
    IP address: 192.168.1.2
    mask: 255.255.255.0
    Gateway: 192.168.1.1 (is the router)

    The DHCP server is active on the LAN interface, and all the users are connecting through this interface.

    Everything is OK, all users can navigate to the internet and connect to different servers (192.168.1.xxx).

    My problem is that from the WAN interface we can't ping the LAN interface.

    Ping from LAN to WAN ==> OK
    Ping from WAN to LAN ==> No

    How can I activate this rule?
    Thx



  • The whole point of a firewall is to stop people from doing stuff like that.  If you want to, you must add a firewall rule on WAN to allow it.  You will also need to uncheck the Block private networks option for the WAN interface.



  • 'Block private networks and loopback addresses'
    is not activated, another suggestion?



  • Rebel Alliance Global Moderator

    That has nothing to do with it..  Pfsense out of the box would be natting your traffic from your 10 network to your 192.168 address.

    What exactly are you wanting to get out of pfsense?  So you have servers on 192.168 network?  And then you're wanting to put users behind a NAT??  Pfsense is really meant to replace your router and then you would have your multiple network segments, servers and users for example..

    If you want to use it as downstream router/firewall it really should be connected to your network via a transit network, etc.  Or you're going to run into asymmetrical routing issues.  If you nat to get around the asymmetrical routing then you would have to port forward, etc. etc..



  • My problem is very simple: my LAN can see WAN but my WAN can't see the LAN.

    How do I activate this? I need LAN to see WAN and WAN to see LAN.


  • Rebel Alliance Global Moderator

    You would either port forward the stuff you want your wan to get to on your lan.  Or you would turn off NAT and firewall, or just turn off firewall and nat and use as a router.

    It is all very simple! ;)  Understanding how you want to set it up is the hard part, it's like pulling teeth to get the information needed to help, it seems.

    If you're not going to nat, then you will most likely have asymmetrical routing from your servers to your user network behind pfsense.  If you nat then you need to port forward.



  • Help please, how can I activate this?

    The WAN interface doesn't see the LAN interface.


  • Rebel Alliance Global Moderator

    Activate what??  For starters what mode are you running?  Is it just pfsense out of the box with your typical nat?  Then just port forward what you want to access behind..

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

    If you want your wan to be able to talk to your lan - what exactly do you want to do with pfsense in your network??



  • The WAN interface doesn't see the LAN interface.

    Again, this is how firewalls work.  If you won't explain in detail what you're trying to do, we can't help you.



  • Well, you can achieve what you want but it's not recommended in your setup. Turn off outbound NAT in the NAT rules and then tell your upstream router in the 192.168.1.0/24 network with a static route that there is another network 10.10.1.0/24 behind the pfSense router. This works sort of but now you have a case of asymmetric routing. I would just keep the NAT on the pfSense and live with the fact that the pfSense LAN is not directly accessible from its WAN network.
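
Added example, not part of any post in this thread: a small routing-table model of the setup described above (outbound NAT off, static route for 10.10.1.0/24 on the upstream router) that traces the request and reply paths between a server and a LAN printer. The subnets and the 192.168.1.1, 192.168.1.2 and 10.10.1.1 addresses come from the thread; the server and printer host addresses and all function names are assumptions made for the illustration.

```python
import ipaddress

# Subnets and gateway addresses are from the thread; the server and printer
# host addresses are constructed for this example.
WAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_NET = ipaddress.ip_network("10.10.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
ROUTER, PF_WAN, PF_LAN = "192.168.1.1", "192.168.1.2", "10.10.1.1"
SERVER, PRINTER = "192.168.1.50", "10.10.1.20"

# Which device owns each address.
OWNER = {SERVER: "server", ROUTER: "router", PF_WAN: "pfsense",
         PF_LAN: "pfsense", PRINTER: "printer"}

# Routing tables: (destination network, next hop); None means directly connected.
ROUTES = {
    "server":  [(WAN_NET, None), (DEFAULT, ROUTER)],
    "router":  [(WAN_NET, None), (LAN_NET, PF_WAN)],   # the added static route
    "pfsense": [(WAN_NET, None), (LAN_NET, None), (DEFAULT, ROUTER)],
    "printer": [(LAN_NET, None), (DEFAULT, PF_LAN)],
}

def next_hop(node, dst):
    """Longest-prefix match; return the address the packet is handed to."""
    ip = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in ROUTES[node] if ip in net]
    if not matches:
        raise ValueError(f"{node} has no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def path(src, dst):
    """Devices a packet from src to dst passes through, in order."""
    node = OWNER[src]
    hops = [node]
    while node != OWNER[dst]:
        node = OWNER[next_hop(node, dst)]
        hops.append(node)
    return hops

def one_way_devices(a, b):
    """Devices that see only one direction of a flow between a and b."""
    return set(path(a, b)) ^ set(path(b, a))

if __name__ == "__main__":
    print("request:", path(SERVER, PRINTER))
    print("reply:  ", path(PRINTER, SERVER))
    print("one-way:", one_way_devices(SERVER, PRINTER))
    print("via NAT/port forward:", path(SERVER, PF_WAN), path(PF_WAN, SERVER))
```

The request crosses the upstream router but the reply goes from pfSense straight to the server, so the router sees only half of the flow and a stateful filter there cannot track it. With NAT kept on and a port forward, the server talks to 192.168.1.2 on its own subnet and both directions take the same path.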



  • This is my config, the end users can:

    - navigate the internet,
    - connect to different servers (server1, server2 …)

    but from the server I can't see or connect to a printer, for example, as it is connected in the LAN (10.10.1.xxx).




  • Get a third network card to your pfSense and set up a DMZ network using that third NIC with the servers in it.

    https://doc.pfsense.org/index.php/Installing_pfSense#LAN.2C_WAN.2C_OPTx

    https://doc.pfsense.org/index.php/Example_basic_configuration


  • Rebel Alliance Global Moderator

    And again that setup is BORKED!!  You can live with it and port forward across your nat you're doing… Or you could set it up correctly.

    What do you want to do???