Netgate Discussion Forum
    Network blocked

      myramp

      I have 2 networks 192.168.1.0/24 and 192.168.2.0/24 that are connected with routers over a private t1.
      I need 192.168.2.0 to access a specific network 204.146.91.0/24 but my pfsense is blocking 192.168.2.0/24 from reaching it.
      The firewall log shows it being blocked by the default rule.

      The 192.168.2.0 network has access to all other computers on the 192.168.1.0 network.

      The 204.146.91.0 network is a private network handled by a vpn box.

      network.gif
        GruensFroeschli

        http://forum.pfsense.org/index.php/topic,7001.0.html
        Please draw a diagram.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          myramp

          I get these messages in the firewall log when trying to traceroute the network.

          Sep 16 15:37:57 LAN 192.168.2.114 204.146.91.130 ICMP
          Sep 16 15:37:52 LAN 192.168.2.114 204.146.91.130 ICMP
          Sep 16 15:37:48 LAN 192.168.2.114 204.146.91.130 ICMP

            GruensFroeschli

            More info please.
            Screenshots of firewall rules, did you create an allow-rule for this traffic, how do you test, what are you trying to access, is the 204.146.91.0/24 subnet behind the 172.16.0.2 router,
            what is the default gateway of your clients, what is the default gateway of each router, etc.

              myramp

              Yes, I created rules. At least I think I did. Yes, the 204.146.91.0 network is behind the 172.16.0.2 vpn box.
              I'm trying to access a private network. The 192.168.1.0 network can reach it with no problem.
              Default gateway of the 192.168.1.0 network is the 192.168.1.1 pfsense firewall.  The 192.168.2.0 network gateway is 192.168.2.1 firewall for its own internet connection.
              See rules screenshot below.

              networkrules.gif
                myramp

                No other help?  Is more information needed?

                  GruensFroeschli

                  The screenshot of your firewall rule shows as destination 204.146.91.0/26.
                  The diagram in the first post shows as destination subnet  204.146.91.0/24.

                  If you try to ping 204.146.91.130 this is in the
                  204.146.91.127/26 or
                  204.146.91.127/27 or
                  204.146.91.0/24 subnet
                  and NOT in the 204.146.91.0/26

                  One thing I don't understand:
                  Why do you have the "source 192.168.2.0/24, destination lan-subnet" rule on the LAN tab?
                  It has to go on the interface on which traffic with source 192.168.2.0/24 comes in.

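The prefix mismatch pointed out in the post above, as an added example (not code from the thread or from pfSense): it checks the blocked log entries quoted in the thread against a pass rule's source and destination networks using Python's `ipaddress` module. The function names are illustrative, and only address matching is modelled, not the interface tab the rule sits on.

```python
import ipaddress

# Blocked entries as posted in the thread: date, time, interface, source, destination, protocol.
BLOCKED = """\
Sep 16 15:37:57 LAN 192.168.2.114 204.146.91.130 ICMP
Sep 16 15:37:52 LAN 192.168.2.114 204.146.91.130 ICMP
Sep 16 15:37:48 LAN 192.168.2.114 204.146.91.130 ICMP
"""


def parse_entries(text):
    """Yield (interface, src, dst, proto) from whitespace-separated log lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue  # skip blank or truncated lines
        iface, src, dst, proto = parts[3:7]
        try:
            yield iface, ipaddress.ip_address(src), ipaddress.ip_address(dst), proto
        except ValueError:
            continue  # skip lines whose address fields do not parse


def rule_misses(text, rule_src, rule_dst):
    """Return sorted unique (src, dst, reason) for entries a pass rule would not match."""
    src_net = ipaddress.ip_network(rule_src)
    dst_net = ipaddress.ip_network(rule_dst)
    misses = set()
    for _iface, src, dst, _proto in parse_entries(text):
        if src not in src_net:
            misses.add((str(src), str(dst), f"source outside {src_net}"))
        elif dst not in dst_net:
            # Network of the rule's prefix length that actually holds the destination.
            actual = ipaddress.ip_network(f"{dst}/{dst_net.prefixlen}", strict=False)
            misses.add((str(src), str(dst), f"destination is in {actual}, not {dst_net}"))
    return sorted(misses)


if __name__ == "__main__":
    for rule_dst in ("204.146.91.0/26", "204.146.91.0/24"):
        print(rule_dst, rule_misses(BLOCKED, "192.168.2.0/24", rule_dst))
```

An empty result only means the rule's addresses cover the logged traffic; the rule still has to sit on the interface where that traffic enters the firewall.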
                    myramp

                    Not sure was just trying anything to diagnose where the problem might be.
                    I went and changed the /26 to /24 for 204.146.91.0.  I will retry.

                      myramp

                      Ok I got everything working.  I had to add a static route in pfsense to the 192.168.2.0/24 network.  I also added some rules on the DMZ tab for the 192.168.2.0/24 network to access it.

                      Thanks for your help GruensFroeschli.
