Netgate Discussion Forum
    I can http/ssh all interfaces of pfSense (but not host)

    Category: Firewalling
    sendalot:

      I can HTTP/SSH to all interfaces of pfSense (but not to hosts that are in those other VLANs).
      I am trying to implement inter-VLAN communication.
      I pasted my config below (after looking at https://hardforum.com/threads/pfsense-intervlan-routing.1615335/ and https://forum.pfsense.org/index.php?topic=63397.0).
      Thanks. (Pics attached.)

      ![1 - LAN.JPG](/public/imported_attachments/1/1 - LAN.JPG)
      ![2 - OPT1.JPG](/public/imported_attachments/1/2 - OPT1.JPG)
      ![3 - OPT2.JPG](/public/imported_attachments/1/3 - OPT2.JPG)

      johnpoz (LAYER 8 Global Moderator):

        Your rules on OPT1 net with destination OPT1 net are pointless, since you have a rule that says OPT1 net can do anything it wants with any/any.

        If you're not able to talk to LAN from OPT1 net, your issue is most likely software firewalls on your LAN devices not allowing the OPT1 network.

        Your rule on the bottom with destination OPT1 net reject is beyond pointless. It seems you do not understand that pfSense is used to talk OFF OPT1 net, or any other net. Devices do not send traffic to pfSense to talk to devices on their same network. They might ask it for DNS, to resolve something on their network, but when talking to another device on their own network they do not talk to pfSense.

        So rules that try to block or allow access within that network are pointless.

        Rules are evaluated as they enter an interface; the first rule to trigger wins, and no other rules are evaluated. If I am on, say, 192.168.1.100/24 and want to talk to 192.168.1.101/24, why would I send a packet to my gateway pfSense on, say, 192.168.1.1?

        SG-4860 24.11 | Lab VMs 2.8, 24.11

          sendalot:
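        The two points in the reply above, that same-subnet traffic never reaches pfSense and that interface rules are first-match, as an added example that is not part of the thread and not pfSense code. The OPT1/LAN subnets (192.168.2.0/24 and 192.168.1.0/24) and the rule labels are assumptions chosen to resemble the OPT1 tab under discussion: an "OPT1 net to any" pass followed by an "OPT1 net to OPT1 net" reject.

```python
"""
Simulated pfSense interface-rule evaluation: first match wins, and only
traffic that leaves its own subnet is evaluated at all.

Added example; not code from the thread or from pfSense. The OPT1/LAN
addresses and rule labels are assumptions.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str          # "pass", "block" or "reject"
    src: IPv4Network     # source network the rule matches
    dst: IPv4Network     # destination network the rule matches
    label: str


ANY = ip_network("0.0.0.0/0")
OPT1_NET = ip_network("192.168.2.0/24")   # assumed OPT1 subnet
LAN_NET = ip_network("192.168.1.0/24")    # assumed LAN subnet

# Assumed OPT1 rule set: the "any" pass on top shadows everything below it.
OPT1_RULES: List[Rule] = [
    Rule("pass", OPT1_NET, ANY, "pass OPT1 net -> any"),
    Rule("reject", OPT1_NET, OPT1_NET, "reject OPT1 net -> OPT1 net"),
]


def leaves_subnet(src: str, dst: str, net: IPv4Network) -> bool:
    """A host only forwards to its gateway when the destination is off-subnet;
    same-subnet traffic is switched by MAC address and never reaches pfSense."""
    return ip_address(src) in net and ip_address(dst) not in net


def first_match(rules: List[Rule], src: str, dst: str) -> Optional[Rule]:
    """Interface-tab rules are evaluated top-down; the first match wins and
    nothing after it is consulted. No match means the implicit default deny."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule
    return None


def evaluate(rules: List[Rule], iface_net: IPv4Network,
             src: str, dst: str) -> Tuple[bool, Optional[str]]:
    """Return (reached_firewall, decision). decision is the matched rule's
    action, 'default deny' if nothing matched, or None if the packet never
    entered the interface because it stayed on its own subnet."""
    if not leaves_subnet(src, dst, iface_net):
        return False, None
    rule = first_match(rules, src, dst)
    return True, (rule.action if rule else "default deny")


def shadowed(rules: List[Rule]) -> List[str]:
    """Labels of rules that can never match because an earlier rule already
    covers every source and destination they could see."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst):
                dead.append(later.label)
                break
    return dead


if __name__ == "__main__":
    # OPT1 host to OPT1 host: never enters pfSense at all
    print(evaluate(OPT1_RULES, OPT1_NET, "192.168.2.10", "192.168.2.20"))
    # OPT1 host to LAN host: enters OPT1, hits the pass rule first
    print(evaluate(OPT1_RULES, OPT1_NET, "192.168.2.10", "192.168.1.50"))
    # The trailing reject is dead on arrival
    print(shadowed(OPT1_RULES))
```

        Two caveats the simulation leaves out: pfSense evaluates floating rules and interface-group rules before the per-interface tab, so a "quick" floating rule can still win ahead of the first OPT1 rule; and a pass decision here only means the packet is forwarded to the LAN host, whose own software firewall still has to accept it, which is the diagnosis given above.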

          Right, lan1 <> lan1 or opt1 <> opt1 would go by MAC addresses.

          OK, thanks for your pointers on the end-device firewall (for not allowing lan1 <> opt1 traffic).

          Thanks again for your time.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.