4. Network blocked

Network blocked

  • M

    I have 2 networks 192.168.1.0/24 and 192.168.2.0/24 that are connected with routers over a private t1.
    I need 192.168.2.0 to access a specific network 204.146.91.0/24 but my pfsense is blocking 192.168.2.0/24 from reaching it.
    The firewall log show it being blocked by the default rule.

    The 192.168.2.0 network has access to all other computers on the 192.168.1.0 network.

    the 204.146.91.0 network is an private network handled by a vpn box.


    0

  • http://forum.pfsense.org/index.php/topic,7001.0.html
    Please draw a diagram.

    0
  • M

    I get these messages in the firewall log when trying to traceroute the network.

    Sep 16 15:37:57 LAN 192.168.2.114 204.146.91.130 ICMP
    Sep 16 15:37:52 LAN 192.168.2.114 204.146.91.130 ICMP
    Sep 16 15:37:48 LAN 192.168.2.114 204.146.91.130 ICMP

    0

  • More infos please.
    Screenshots of firewall rules, did you create an allow-rule for this traffic, how do you test, what are you trying to access, is the 204.146.91.0/24 subnet behind the 172.16.0.2 router,
    what is the default gateway of your clients, what is the default gateway of each router, etc.

    0
  • M

    Yes I created rules.  At least I think i did. Yes the 204.146.91.0 network is behind the 172.16.0.2 vpn box.
    Im trying to access a private network.  The 192.168.1.0 network can reach it with no problem.
    Default gateway of the 192.168.1.0 network is the 192.168.1.1 pfsense firewall.  The 192.168.2.0 network gateway is 192.168.2.1 firewall for its own internet connection.
    See rules screenshot below.


    0
  • M

    No other help?  Is more information needed?

    0

  • The screenshot of your firewall rule shows as destination 204.146.91.0/26.
    The diagram in the first post shows as destination subnet  204.146.91.0/24.

    If you try to ping 204.146.91.130 this is in the
    204.146.91.127/26 or
    204.146.91.127/27 or
    204.146.91.0/24 subnet
    and NOT in the 204.146.91.0/26

    One thing i dont understand:
    Why do you have the "source 192.168.2.0/24, destination "lan-subnet" " rule on the LAN tab?
    It has to go to the interface on which traffic with as source 192.168.2.0/24 comes in.

    0
  • M

    Not sure was just trying anything to diagnose where the problem might be.
    I went and changed the /26 to /24 for 204.146.91.0.  I will retry.

    0
  • M

    Ok I got everything working.  I had to add a static route in pfsense to the 192.168.2.0/24 network.  I also added some rules on the DMZ tab for the 192.168.2.0/24 network to access it.

    Thanks for your help GruensFroeschli.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy