    I can http/ssh all interfaces of pfSense (but not host)

    Firewalling
sendalot:

I can http/ssh all interfaces of pfSense (but not the hosts that are in those other VLANs).
Trying to implement inter-VLAN communication.
I pasted my config below (after looking at https://hardforum.com/threads/pfsense-intervlan-routing.1615335/ && https://forum.pfsense.org/index.php?topic=63397.0).
Thanks. (Pics attached)

![1 - LAN.JPG](/public/imported_attachments/1/1 - LAN.JPG)
![2 - OPT1.JPG](/public/imported_attachments/1/2 - OPT1.JPG)
![3 - OPT2.JPG](/public/imported_attachments/1/3 - OPT2.JPG)

johnpoz, LAYER 8 Global Moderator:

Your rules on opt1 net with dest opt1 net are pointless, since you have a rule that says opt1 net can do anything it wants with any any.

If you're not able to talk to LAN from opt1 net, your issue is most likely software firewalls on your LAN devices not allowing the opt1 network.

Your rule on the bottom with dest opt1 net reject is beyond pointless.. Seems you do not understand that pfSense is used to talk OFF opt1 net, or any other net.. Devices do not send traffic to pfSense to talk to devices on their same network.. They might ask it for DNS, to resolve something on their network, but when talking to another device on their own network they do not talk to pfSense.

So rules that try and block or allow access on that network are pointless..

Rules are evaluated as they enter an interface; the first rule to trigger wins, and no other rules are evaluated. If I am on say 192.168.1.100/24 and want to talk to 192.168.1.101/24, why would I send a packet to my gateway pfSense on say 192.168.1.1??


sendalot:
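The two points johnpoz makes (rules are evaluated on the ingress interface and the first match wins, and same-subnet hosts never send their traffic through pfSense at all) can be checked with a small simulation. This is an added example with constructed addresses, not code from the thread or from pfSense; the rule tuples model the OPT1 tab described above, with `192.168.20.0/24` assumed as OPT1 net and `192.168.1.0/24` as LAN net.

```python
import ipaddress

# Constructed addressing, not the poster's real config.
OPT1_NET = ipaddress.ip_network("192.168.20.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

# Rules on the OPT1 interface as (action, source, destination), top to bottom.
# "any" matches every address, like the "any any" rule in the thread.
OPT1_RULES = [
    ("pass", OPT1_NET, "any"),       # "OPT1 net -> any": the rule that always fires
    ("pass", OPT1_NET, OPT1_NET),    # redundant: already covered by the rule above
    ("reject", OPT1_NET, OPT1_NET),  # the bottom reject: can never be reached
]


def _matches(net, addr):
    return net == "any" or addr in net


def evaluate(rules, src, dst):
    """First-match evaluation on one interface: returns (action, rule index),
    or ("default_deny", None) when nothing matches (pfSense's implicit deny)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, s, d) in enumerate(rules):
        if _matches(s, src) and _matches(d, dst):
            return action, i
    return "default_deny", None


def _covers(outer, inner):
    # Does `outer` match every address that `inner` matches?
    return outer == "any" or (inner != "any" and inner.subnet_of(outer))


def shadowed_rules(rules):
    """Indices of rules that an earlier rule completely covers, so they never fire.
    A useful audit before assuming a reject rule is doing anything."""
    return [i for i, (_, s, d) in enumerate(rules)
            if any(_covers(ps, s) and _covers(pd, d) for (_, ps, pd) in rules[:i])]


def traverses_gateway(src, dst, local_net):
    """A host only forwards to its gateway when the destination is off its own
    subnet; on-subnet traffic goes directly by MAC address and never enters pfSense."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return not (src in local_net and dst in local_net)
```

Running `shadowed_rules(OPT1_RULES)` flags both OPT1-to-OPT1 rules, and `traverses_gateway` shows the same-subnet case never reaches the firewall anyway, which is why the missing LAN-host reachability points at host firewalls rather than pfSense rules.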

Right, LAN1 <> LAN1 or OPT1 <> OPT1 would go by MAC addresses.

Ok, thanks for your pointers on end-device firewalls (for not allowing LAN1 <> OPT1 traffic).

Thanks again for your time.
