Netgate Discussion Forum

    Routing Across Subnets Question

      LeiShen

      I have 3 subnets on my pfSense Router network.
      I've set 192.168.1.x to be for guests and blocked all access to the other networks (192.168.2.x and 192.168.3.x). This seems to work fine.
      However, I have some Raspberry Pis on 192.168.2.x that I can only access (via SSH) while on that sub-net.
      If I'm on 192.168.3.x, then my SSH session times out trying to connect.
      I didn't think there was anything in pfSense to block access across sub-nets.
      What am I missing?
      Thanks!

        johnpoz LAYER 8 Global Moderator

        Without seeing the rules you created it's impossible for us to see if those are the issue. Please post up rules you created on these other networks' firewall interfaces and your LAN rules.

        Lan out of the box would be any any, but any other networks you bring up you would have to put in rules, or all traffic from that network would be blocked, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          LeiShen

          Ah, Ok. I think I got it backward then.
          There are no rules between 2.x and 3.x - it's just stock pfSense rules. So it would be blocked. I think I understand now.
          I really didn't need blocking rules between 1.x and 2.x/3.x, but put those in 'cause I thought I did need them.
          So I need to put in some rules between 2.x and 3.x in order to get access across those subnets.
          I'll dig around and learn/figure out how to do that.
          Thanks for pointing me in the right direction…I was confused.

            johnpoz LAYER 8 Global Moderator

            You do have interfaces or VLANs for these other networks, right… You're just not running multiple layer 3 on the same layer 2 network, right??

            Rules are evaluated as traffic enters an interface from the network it's attached to.
            Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.
            If no rules trigger then default deny is always there.

            https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

            1 Reply Last reply Reply Quote 0
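The processing order described in the post above (rules on the interface the traffic enters, top down, first match wins, default deny), as an added example that is not part of the original thread and not pfSense code. The interface names `GUEST` and `USERS`, the /24 masks, the host addresses, and the assumption that the 192.168.3.x interface has no rules yet are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                   # "pass" or "block"
    proto: str                    # "tcp", "udp" or "any"
    src: str                      # source network (CIDR)
    dst: str                      # destination network (CIDR)
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("any", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(rules, proto, src, dst, dport):
    """Top down, first match wins; if nothing matches, default deny."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(proto, src, dst, dport):
            return rule.action, f"rule {number}"
    return "block", "default deny"

ANY = "0.0.0.0/0"
# Assumed /24 masks for the thread's three subnets.
GUEST_NET, PI_NET, USER_NET = "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"

# Rules are keyed by the interface the traffic ENTERS (hypothetical names).
ruleset = {
    "GUEST": [Rule("block", "any", GUEST_NET, PI_NET),
              Rule("block", "any", GUEST_NET, USER_NET),
              Rule("pass", "any", GUEST_NET, ANY)],
    "USERS": [],   # assumed: no rules yet, so everything hits default deny
}

def ssh_from_users():
    # Constructed hosts: 192.168.3.10 opening SSH to a Pi at 192.168.2.20.
    return evaluate(ruleset["USERS"], "tcp", "192.168.3.10", "192.168.2.20", 22)

before = ssh_from_users()   # times out: nothing on USERS passes it
ruleset["USERS"].append(Rule("pass", "tcp", USER_NET, PI_NET, 22))
after = ssh_from_users()    # now matched by the new pass rule

# Ordering check: with pass-any on top, the guest block rules never trigger.
misordered = ruleset["GUEST"][::-1]
leak = evaluate(misordered, "tcp", "192.168.1.50", "192.168.2.20", 22)
```

The pass rule here is scoped to TCP port 22 toward 192.168.2.x only, so any other traffic entering the `USERS` interface still falls through to default deny.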
              LeiShen

              I have a 4 lan interface box very similar to this one:
              https://www.amazon.com/Qotom-Q190G4-S01-celeron-Pfsense-firewall-router/dp/B01AAKGH88/ref=sr_1_5?ie=UTF8&qid=1525656793&sr=8-5&keywords=pfsense+network+box&dpID=51RsQ8C3R5L&preST=SY300_QL70&dpSrc=srch
              I bought it just before pfSense announced the requirement for Hardware Encryption (AES-NI) in later releases :( … we'll see how long I can run with this one.
              Thank you for the additional info and documentation! Helps a lot!!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.