Network blocked



  • I have 2 networks, 192.168.1.0/24 and 192.168.2.0/24, that are connected with routers over a private T1.
    I need 192.168.2.0 to access a specific network, 204.146.91.0/24, but my pfSense is blocking 192.168.2.0/24 from reaching it.
    The firewall log shows it being blocked by the default rule.

    The 192.168.2.0 network has access to all other computers on the 192.168.1.0 network.

    The 204.146.91.0 network is a private network handled by a VPN box.






  • I get these messages in the firewall log when trying to traceroute the network.

    Sep 16 15:37:57 LAN 192.168.2.114 204.146.91.130 ICMP
    Sep 16 15:37:52 LAN 192.168.2.114 204.146.91.130 ICMP
    Sep 16 15:37:48 LAN 192.168.2.114 204.146.91.130 ICMP



  • More info please.
    Screenshots of firewall rules, did you create an allow rule for this traffic, how do you test, what are you trying to access, is the 204.146.91.0/24 subnet behind the 172.16.0.2 router,
    what is the default gateway of your clients, what is the default gateway of each router, etc.



  • Yes, I created rules.  At least I think I did. Yes, the 204.146.91.0 network is behind the 172.16.0.2 VPN box.
    I'm trying to access a private network.  The 192.168.1.0 network can reach it with no problem.
    The default gateway of the 192.168.1.0 network is the 192.168.1.1 pfSense firewall.  The 192.168.2.0 network's gateway is the 192.168.2.1 firewall for its own internet connection.
    See rules screenshot below.




  • No other help?  Is more information needed?



  • The screenshot of your firewall rule shows as destination 204.146.91.0/26.
    The diagram in the first post shows as destination subnet  204.146.91.0/24.

    If you try to ping 204.146.91.130 this is in the
    204.146.91.127/26 or
    204.146.91.127/27 or
    204.146.91.0/24 subnet
    and NOT in the 204.146.91.0/26

    One thing I don't understand:
    Why do you have the "source 192.168.2.0/24, destination 'lan-subnet'" rule on the LAN tab?
    It has to go on the interface on which traffic with source 192.168.2.0/24 comes in.
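
An added example, not part of any post in this thread: it replays the logged flows against the rule as first written (/26) and as corrected (/24), using first-match evaluation with a default deny. The `(source, destination)` rule tuples are a simplified model assumed for illustration, not pfSense's rule format, and they ignore interface, protocol and routing.

```python
import ipaddress

# Constructed from the thread: the pass rule before and after the /26 -> /24 change.
RULES_BEFORE = [("192.168.2.0/24", "204.146.91.0/26")]
RULES_AFTER = [("192.168.2.0/24", "204.146.91.0/24")]

# Firewall log lines quoted earlier in the thread.
LOG = """\
Sep 16 15:37:57 LAN 192.168.2.114 204.146.91.130 ICMP
Sep 16 15:37:52 LAN 192.168.2.114 204.146.91.130 ICMP
Sep 16 15:37:48 LAN 192.168.2.114 204.146.91.130 ICMP
"""

def parse_log(text):
    """Yield (src, dst) pairs from 'Mon DD HH:MM:SS IFACE SRC DST PROTO' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 7:
            yield ipaddress.ip_address(fields[4]), ipaddress.ip_address(fields[5])

def evaluate(src, dst, rules):
    """First matching pass rule wins; no match falls through to the default deny."""
    for src_net, dst_net in rules:
        if src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net):
            return "pass"
    return "default deny"

def enclosing_network(addr, prefix):
    """Network of the given prefix length that actually contains addr."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def audit(log_text, rules):
    """Return the distinct (src, dst, verdict) tuples for the logged flows."""
    flows = set(parse_log(log_text))
    return sorted((str(s), str(d), evaluate(s, d, rules)) for s, d in flows)

if __name__ == "__main__":
    for name, rules in (("/26 rule", RULES_BEFORE), ("/24 rule", RULES_AFTER)):
        for src, dst, verdict in audit(LOG, rules):
            print(f"{name}: {src} -> {dst}: {verdict}")
    rule_net = ipaddress.ip_network("204.146.91.0/26")
    print("last address covered by", rule_net, "is", rule_net[-1])
    print(".130 sits in", enclosing_network("204.146.91.130", 26))
```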



  • Not sure, I was just trying anything to diagnose where the problem might be.
    I went and changed the /26 to /24 for 204.146.91.0.  I will retry.



  • OK, I got everything working.  I had to add a static route in pfSense to the 192.168.2.0/24 network.  I also added some rules on the DMZ tab for the 192.168.2.0/24 network to access it.

    Thanks for your help GruensFroeschli.

