Networking between interfaces
-
Hi everyone. Quick question about pfsense / networking.
I have:
WAN (dhcp ip)
LAN1 (gateway 10.xxx.x24.1)
LAN2 (gateway 10.xxx.x25.1)DHCP server on each LAN interface.
I have assets in LAN1 that my LAN2 clients need to get to. Do i need to create an allow rule in LAN1 and LAN2 so the LAN2 clients are routed LAN1 network?
-
Short answer is "Yes"
pfSense does not allow traffic between LAN1 & LAN2 by default.
Add a rule under LAN1 to allow the required traffic to LAN2 and a rule under LAN2 to allow traffic to LAN1.You can temporarily turn on logging for test purposes.
-
By default there are no rules to allow traffic. If you don't need any traffic filtered, you could do any/any rules on both interfaces and everything should just come up. If you need to lock it down then you would need specific rules for the traffic.
-
Thanks for the responses. Is there ever a short answer though? :)
On to my next question.
I have LAN1 rule routing out traffic via the WAN_DCHP gateway as the final rule. When i try to do this with LAN2 I break the LAN2 clients. Can you not configure 2 lan interfaces to route out the same WAN_DHCP gateway even though they are separate interfaces / nics? Only way I can fix this is an * as the rule for LAN2 instead of specifically assigning wan_dhcp gateway.
-
Actually by default pfSense installs with an "allow all" rule on the LAN interface. This will allow traffic to any other interface on the box. When you add a second LAN you will need to copy the default LAN rule to the new interface unless you want to specifically limit traffic.
If you wish to limit traffic between interfaces you would place the "limiting" rule(s) above any "allow all" rule.
