Netgate Discussion Forum

Routing Across Subnets Question

General pfSense Questions
    LeiShen
    last edited by May 6, 2018, 9:52 AM

    I have 3 subnets on my pfSense Router network.
    I've set 192.168.1.x to be for guests and blocked all access to the other networks (192.168.2.x and 192.168.3.x). This seems to work fine.
    However, I have some Raspberry Pi's on 192.168.2.x that I can only access (via SSH) while on that sub-net.
    If I'm on 192.168.3.x, then my SSH session times out trying to connect.
    I didn't think there was anything in pfSense to block access across sub-nets.
    What am I missing?
    Thanks!

      johnpoz LAYER 8 Global Moderator
      last edited by May 6, 2018, 10:21 AM

      Without seeing the rules you created it's impossible for us to see if those are the issue. Please post up rules you created on these other networks' firewall interfaces and your LAN rules.

      LAN out of the box would be any any, but any other networks you bring up you would have to put in rules, or all traffic from that network would be blocked, etc.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        LeiShen
        last edited by May 6, 2018, 12:27 PM

        Ah, Ok. I think I got it backward then.
        There are no rules between 2.x and 3.x - it's just stock pfSense rules. So it would be blocked. I think I understand now.
        I really didn't need blocking rules between 1.x and 2.x/3.x, but put those in 'cause I thought I did need them.
        So I need to put in some rules between 2.x and 3.x in order to get access across those subnets.
        I'll dig around and learn/figure out how to do that.
        Thanks for pointing me in the right direction…I was confused.

          johnpoz LAYER 8 Global Moderator
          last edited by May 6, 2018, 3:44 PM

          You do have interfaces or VLANs for these other networks, right… You're just not running multiple layer 3 on the same layer 2 network, right??

          Rules are evaluated as traffic enters an interface from the network it's attached to.
          Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.
          If no rules trigger then default deny is always there.

          https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

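The evaluation order described in the reply above (rules checked on the interface where traffic enters, top down, first match wins, default deny when nothing matches), as an added example that is not part of the original posts and not pfSense's own code. It is a simplified model: the interface names GUEST and NET3, the host addresses, and the `Rule`/`evaluate` helpers are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    port: Optional[int] = None   # None matches any destination port

def evaluate(rulesets, iface, src, dst, port):
    """Evaluate a new connection against the rules of the interface it ENTERS.

    Returns (action, index of matching rule); index None means no rule
    matched and the implicit default deny applied.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rulesets.get(iface, [])):      # top down
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action, i                           # first match wins
    return "block", None                                 # default deny

# Constructed rulesets modelled on the thread (names are hypothetical).
BEFORE = {
    "GUEST": [  # 192.168.1.x: block the internal nets, then allow the rest
        Rule("block", "192.168.1.0/24", "192.168.2.0/24"),
        Rule("block", "192.168.1.0/24", "192.168.3.0/24"),
        Rule("pass", "192.168.1.0/24", ANY),
    ],
    "NET3": [],  # 192.168.3.x: no rules added, so everything is denied
}

# Fix: one narrow pass rule on the interface the SSH client sits behind.
AFTER = dict(BEFORE, NET3=[
    Rule("pass", "192.168.3.0/24", "192.168.2.0/24", 22),
])

if __name__ == "__main__":
    ssh = ("NET3", "192.168.3.20", "192.168.2.10", 22)
    print("before:", evaluate(BEFORE, *ssh))
    print("after: ", evaluate(AFTER, *ssh))
    print("guest -> Pi:", evaluate(BEFORE, "GUEST", "192.168.1.50", "192.168.2.10", 22))
```

The pass rule goes on the 192.168.3.x interface because that is where the SSH connection enters the firewall; restricting it to port 22 keeps the rest of 192.168.2.x closed to that network.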
            LeiShen
            last edited by May 7, 2018, 1:37 AM

            I have a 4 lan interface box very similar to this one:
            https://www.amazon.com/Qotom-Q190G4-S01-celeron-Pfsense-firewall-router/dp/B01AAKGH88/ref=sr_1_5?ie=UTF8&qid=1525656793&sr=8-5&keywords=pfsense+network+box&dpID=51RsQ8C3R5L&preST=SY300_QL70&dpSrc=srch
            I bought it just before pfSense announced the requirement for Hardware Encryption (AES-NI) in later releases :( … we'll see how long I can run with this one.
            Thank you for the additional info and documentation! Helps a lot!!
