Routing between interfaces
-
Hello All,
Fairly new to pfsense, I have a fairly simple setup:
PFSense box with connected WAN
OVPN Server
OVPN Client (for guest network to use)LAN - 192.168.2.0/24
OPT1 - 192.168.4.0/24Now everything on OPT1 is working, DHCP is assigned from the PFSense box.
LAN has a separate DHCP server but the PFSense box is the default gateway.from the PFsense router I can ping LAN -> OPT1 and OPT1 -> LAN, the firewall shows communication and logs it.
from any device connected on LAN: Can PING 192.168.4.1 on PFSense router
from any device connected on OPT1: Can PING 192.168.2.1 on PFSense routerNo device connected on LAN or OPT1 can communicate with each other past the router. If it the problem were rules why is there no logging to show this? I have enabled logging on all my rules to ensure I don't miss anything.
Any advise?
Thanks!
-
Local firewalls, perhaps? What devices are we talking about here?
-
No firewalls in place on connected devices as part of troubleshooting.
LAN can all ping within LAN
OPT1 can all ping within OPT1
Example: 192.168.2.3 can ping 192.168.2.250, 192.168.2.3 can also ping 192.168.4.1 but not 192.168.4.52
Example 192.168.4.52 (zoneminder) can ping 192.168.4.54 (camera). 192.168.4.52 can also ping 192.168.4.1, 192.168.2.1 but NOT 192.168.2.250Windows 192.168.2.250 ICMP 192.168.4.52 -> PFSense 192.168.2.1 -> 192.168.4.1 -> notta.
I just decided to do a trace route on my windows host. it seems the routes are not working.
When I attempt to traceroute to 192.168.4.52 it goes out to my internet connection.
Traceroute 192.168.4.1 and it's instant.Okay so why is PFSense redirecting traffic to my WAN for that ip?
-
Check the netmasks on all your pfSense interfaces. They should probably be /24 and are likely /32.
Are you using policy routing (Setting gateways on LAN/OPT1 rules)?
-
Everything is /24 for the full 192.168.2/4.x subnets
Yes I have the LAN interface set to go through the WAN_DHCP gateway and Guest network to go trough the OVPN Client for it's gateway.
-
Rules:
-
What you are seeing is normal and expected.
https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
-
How do I enforce just my guest network uses the OVPN Client gateway without it? When I use default WAN connectivity is gone.
-
What I mean is if I set my outbound rules to default there is no WAN connectivity on the LAN anymore with that PIA rule enabled.
-
You probably need to check "Don't pull routes" on your PIA client.
There are probably a thousand threads on this, bro.
-
Slaps hand on head. Yup. That's it.
Thanks so much, honestly I had no idea what to search for to figure out this mess.
-
"PIA"
