Netgate Discussion Forum

    No access to OPT1 from any interface

      mrwildbob

      I am having issues getting the OPT1 interface to work properly. I have set up the rules (listed below) to allow access in and out of that interface from the LAN and VPN interfaces. When I go to Diagnostics > Ping and try to ping something, OPT1 is the only interface that I am able to ping from and get a response. This firewall is at another location and I am using the VPN to access the LAN network without issues. If I ping from the LAN net to the OPT1 network, I get nothing. If I ping from VPN to OPT1, I get nothing. OPT1 does not seem to have access to the WAN (Internet) interface either.

      I have looked at this over the last several days, googled and tried everything I can find, and still cannot seem to get anywhere. What am I missing?

      Rules:

      OPT1
      IPv4 * * * * * * none Default allow OPT1 to any rule

      OpenVPN
      IPv4 * * * * * * none OpenVPN VPN wizard

      LAN
      IPv4 * LAN net * * * * none Default allow LAN to any rule

      NAT Outbound is Manual

        Gertjan

        Hi,

        When you change/add/remove firewall rules on an interface, it should work right away.
        But: when you work with interfaces, I advise you to restart the VPN.

        Btw: do the OpenVPN firewall rules accept ICMP traffic?

        Because you are working over VPN, I advise you to lower the risk of being locked out: temporarily open SSH - or even GUI - access on WAN, so you can log in whatever happens. Then restart the VPN. When all is OK, remove these entries.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          johnpoz LAYER 8 Global Moderator

          @gertjan said in No access to OPT1 from any interface:

          When you change/add/remove firewall rules on an interface, it should work right away.

          Don't forget about existing states.. You may need to kill any states that were allowing the traffic you are now wanting to block.

          If you can ping the opt1 interface IP from LAN but cannot ping stuff on the opt1 network - you sure it's not their firewall on whatever it is you're pinging? Also, are they using the opt1 IP of pfSense as their gateway to get back to you? I would sniff on the opt1 interface and validate you send the traffic out to whatever it is you're trying to ping. If you see pfSense send it on, and get no answer, that screams firewall on the device.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            stephenw10 Netgate Administrator

            So what IS working here?

            Do you have DHCP enabled on OPT1? Are clients pulling a lease from it?

            With outbound NAT in manual mode you will have to add outbound NAT rules for the new OPT1 subnet.

            Do you see any alerts in the GUI? It may be failing to load the new ruleset correctly. You should still be able to ping from LAN to OPT1 though even without any new rules.

            Steve

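The manual outbound NAT point raised in the last reply can be checked mechanically. The following is an added example, not code from the thread or from pfSense: it parses saved `pfctl -s nat` output and lists local subnets that no `nat` rule on the WAN interface covers. The interface name `em0`, all addresses and the sample output are constructed, and the line format is assumed to be standard pf `nat on ... from ... to ... ->` syntax.

```python
import ipaddress
import re

# Constructed sample of `pfctl -s nat` output (interface and addresses are placeholders).
SAMPLE_PFCTL_NAT = """\
no nat proto carp all
nat-anchor "natearly/*" all
nat on em0 inet from 192.168.1.0/24 to any -> 203.0.113.10 port 1024:65535
nat on em0 inet from 10.0.8.0/24 to any -> 203.0.113.10 port 1024:65535
nat on em0 inet from 127.0.0.0/8 to any -> 203.0.113.10 port 1024:65535
"""

# Constructed local subnets: LAN, the OpenVPN tunnel, and the new OPT1 network.
LOCAL_SUBNETS = {"LAN": "192.168.1.0/24", "OpenVPN": "10.0.8.0/24",
                 "OPT1": "192.168.20.0/24"}

NAT_RULE = re.compile(r"^nat on (?P<iface>\S+) (?:inet6? )?from (?P<src>\S+) to .* -> ")


def nat_sources(pfctl_output, wan_iface):
    """Return the source networks that nat rules translate on wan_iface."""
    sources = []
    for line in pfctl_output.splitlines():
        m = NAT_RULE.match(line.strip())
        if not m or m.group("iface") != wan_iface:
            continue
        src = "0.0.0.0/0" if m.group("src") == "any" else m.group("src")
        try:
            sources.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            continue  # table or alias reference; not resolved in this example
    return sources


def uncovered(local_subnets, pfctl_output, wan_iface):
    """Names of local subnets that no nat rule on wan_iface covers."""
    rules = nat_sources(pfctl_output, wan_iface)
    missing = []
    for name, cidr in local_subnets.items():
        net = ipaddress.ip_network(cidr)
        if not any(net.version == r.version and net.subnet_of(r) for r in rules):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in uncovered(LOCAL_SUBNETS, SAMPLE_PFCTL_NAT, "em0"):
        print(f"{name} ({LOCAL_SUBNETS[name]}): no outbound NAT rule on em0")
```

A subnet reported here can still reach other local interfaces, but its traffic leaves the WAN untranslated, which matches the "no Internet from OPT1" symptom in the first post.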
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.