Netgate Discussion Forum
    Routing| Wan and Lan

      Vincent_28

      Hello guys, how can I set the correct rules in WAN and LAN?
      I try to "tracert" in PC1; it shows only the Router1 IP.
      Then I try to "tracert" the AD in PC0; it shows first the pfSense LAN IP, then the AD IP, then trace complete.
      PC0 can ping PC1, but when PC1 tries to ping PC0, I can't.
      PC1 can access the SYNOLOGY and can map a network drive, but PC0 can't map a network drive.

      In SWITCH0 I added a static route:
      Destination Subnet Nexthop
      172.168.111.1 255.255.255.0 182.100.2.130

      pfSense rules in LAN:
      IPv4 source > LAN destination > WAN
      I tried that, then I also tried
      IPv4 source > WAN destination > LAN

      Same with the WAN rules; I also tried the rules in LAN.

      Diagram.jpg

        KOM

        @Vincent_28 said in Routing| Wan and Lan:

        but when the PC1 try to ping PC0 i can't.

        Of course you can't. pfSense WAN blocks all unsolicited inbound traffic, so you're not going to be able to ping anything past it. Even WAN won't respond to pings unless you add a rule to allow it.

        What are your current firewall rules on pfSense LAN? Screenshot please.

          Vincent_28 @KOM

          @KOM here is the screenshot
          Lan.jpg

            KOM

            OK, your LAN rules are fine except for the IPv6 rule which isn't necessary (the invisible default deny rule at the bottom of the rules list will block IPv6 unless you explicitly allow it) and the last one which is redundant (the rule above it already allows all traffic to anywhere.) Rules are processed in order, top-down, first-match wins.

            What's in the port alias portss?

            From what I can see, there is nothing on the firewall blocking access to your Synology. Is there a local firewall on that Synology server? Sometimes local firewalls will auto-block traffic that's outside their local network, for example.

              Vincent_28 @KOM

              @KOM
              In the block that is disabled, and it's not working even now. The purpose is blocking some ports, but now I disabled that.

                KOM

                Well, the only rule that has seen any traffic at all is the Default allow LAN to any rule, so nothing is being blocked. That's why I suggested you try looking at it from the Synology side.
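
The rule-ordering points made earlier in the thread (top-down, first match wins, implicit default deny, a later rule made redundant by a broader one above it) can be checked mechanically. The following is an added example, not pfSense code and not the poster's ruleset: the rules are constructed with documentation address ranges, and it models source and destination addresses only (no protocol, port or interface).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "pass" or "block"
    src: str     # source CIDR
    dst: str     # destination CIDR

# Constructed LAN ruleset (documentation ranges), not taken from the screenshot.
LAN_RULES = [
    Rule("Block IPv6", "block", "::/0", "::/0"),
    Rule("Default allow LAN to any", "pass", "192.0.2.0/24", "0.0.0.0/0"),
    Rule("Allow LAN to NAS", "pass", "192.0.2.0/24", "198.51.100.0/24"),
]

def _nets(rule):
    return ip_network(rule.src), ip_network(rule.dst)

def _same_family(a, b):
    return _nets(a)[0].version == _nets(b)[0].version

def evaluate(rules, src, dst):
    """Top-down, first match wins; no match falls to the implicit default deny."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        rs, rd = _nets(rule)
        if s in rs and d in rd:
            return rule.action, rule.name
    return "block", "default deny"

def shadowed(rules):
    """Rules that can never match: an earlier rule covers all of their traffic."""
    out = []
    for i, rule in enumerate(rules):
        rs, rd = _nets(rule)
        if any(_same_family(rule, e) and rs.subnet_of(_nets(e)[0])
               and rd.subnet_of(_nets(e)[1]) for e in rules[:i]):
            out.append(rule.name)
    return out

def unneeded_blocks(rules):
    """Block rules that no later pass rule overlaps: default deny drops it anyway."""
    out = []
    for i, rule in enumerate(rules):
        rs, rd = _nets(rule)
        later = [r for r in rules[i + 1:] if r.action == "pass" and _same_family(rule, r)]
        if rule.action == "block" and not any(
                rs.overlaps(_nets(r)[0]) and rd.overlaps(_nets(r)[1]) for r in later):
            out.append(rule.name)
    return out
```
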

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.