Cannot Ping Across VLANS

NicP91

Hi all,

I am in the process of setting up a pfSense box to prepare for an at-home business.

All has been working fine on a basic level for weeks and I am only now trying to begin slowly setting up all the minor details. The simple architecture includes WAN in from ISP, a few VLANs for both personal and business devices, and a privacy VPN connection on the personal networks with rules allowing certain static IP's to bypass it, for Netflix or other region-blocking reasons.

ISP termination device > pfSense < Cisco switch, managed, all VLAN tagged on all correct ports.

Internet connectivity works fine both inside and outside of VPN so I know this isn't the issue. Receiving a DHCP lease works fine across all VLANs too. Aside from the rule for the VPN on each VLAN, I have "any any * * * *" allow all traffic rules on all VLANs, and the LAN at this stage.

I am trying to ping from a command prompt on a computer with an IP on the personal LAN to an IP on my business LAN to temporarily test some client-server software hosted on my personal PC, with no success.

Using the ping diagnostic on pfSense, pings from each VLAN network to the DHCP devices in their own network work fine as expected. Pings between VLAN's do not, despite my any-any rules on both interfaces. The router can ping all IP's in question using the automatically selected (default) dropdown setting, so I know the router can see all IP addresses too. Therefore I have determined its clearly an inter-VLAN routing problem.

I have tried bumping the any-any rules in first priority above the VPN rules. I have tried creating specific rules for the individual IP addresses in question on both VLANs. Nothing.

I have also checked the following: the LAN and VLAN networks are all enabled. The networks and rules are all set to be on the same subnet. The rules are switched on, and are showing any-any, allow all traffic on each VLAN. I have tried rebooting too.

I had not touched the router in weeks, and upon logging in yesterday, there was an update available to version 2.4.4 - which I applied. I am unsure as to whether this is the cause or not, as I started this work after the update.

Any other thoughts as to why this is not working?

Nic.

netblues

@NicP91 Certainly the 2.4.4 update has nothing to do.
How about pc firewalls?
Have you tried disabling them and trying to ping again?

jahonix

Ping from pfSense works because clients see that as traffic from same subnet. Windows Firewall blocks traffic from other subnets by default.
Best bet is to allow ping from all subnets within Windows Firewall.

BTW: your * * rule in pfSense is setup for all protocols including ICMP or any source to any destination for TCP/UDP only?

Gertjan

@NicP91 : show us your Interface > Rules and we'll advise you.

NicP91

@netblues @jahonix Thank you both for your ideas! I don't usually work with Windows systems, but it was indeed the case that the firewall was the problem. I disabled it temporarily and pings worked! I will investigate shortly how to reenable firewall with altered rules to allow pings across subnets. Much appreciated :)

Nic.

NicP91

@Gertjan I figured out it was a firewall issue within Windows just in time! That was my next step though :) Thank you for your offer of assistance! - Nic.