Routing| Wan and Lan

  • Hello guys, how can I set the correct rules in WAN and LAN?
    I tried "tracert" in PC1; it shows only the Router1 IP.
    Then I tried to "tracert" the AD in PC0; it shows first the IP of the pfSense LAN, then the AD IP, then trace complete.
    PC0 can ping PC1, but when PC1 tries to ping PC0 I can't.
    PC1 can access the SYNOLOGY and can map a network drive, but PC0 can't map a network drive.

    In SWITCH0 I added a static route.
    Destination Subnet Nexthop

    pfSense rules in LAN:
    ipv4 source > lan destination > wan
    I tried that, then I also tried
    ipv4 source > wan destination > lan

    Same with the WAN rules; I also tried the rules from LAN.


  • @Vincent_28 said in Routing| Wan and Lan:

    but when PC1 tries to ping PC0 I can't.

    Of course you can't. pfSense WAN blocks all unsolicited inbound traffic, so you're not going to be able to ping anything past it. Even WAN won't respond to pings unless you add a rule to allow it.

    What are your current firewall rules on pfSense LAN? Screenshot please.

  • @KOM here is the screenshot

  • OK, your LAN rules are fine except for the IPv6 rule, which isn't necessary (the invisible default deny rule at the bottom of the rules list will block IPv6 unless you explicitly allow it), and the last one, which is redundant (the rule above it already allows all traffic to anywhere). Rules are processed in order, top-down, first-match wins.

    What's in the port alias portss?

    From what I can see, there is nothing on the firewall blocking access to your Synology. Is there a local firewall on that Synology server? Sometimes local firewalls will auto-block traffic that's outside their local network, for example.
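
The rule processing described in the reply above (top-down, first match wins, invisible default deny at the bottom), as an added example that is not part of the thread or of pfSense itself. The rule sets and addresses are constructed, not the poster's configuration; the model matches on IP version and addresses only and does not track connection state, ports or protocols.

```python
import ipaddress
from dataclasses import dataclass

ANY = {4: ipaddress.ip_network("0.0.0.0/0"), 6: ipaddress.ip_network("::/0")}
@dataclass
class Rule:
    action: str  # "pass" or "block"
    ipver: int   # 4 or 6
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    descr: str

    def net(self, field):
        value = getattr(self, field)
        return ANY[self.ipver] if value == "any" else ipaddress.ip_network(value)

    def matches(self, src_ip, dst_ip):
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        return (s.version == d.version == self.ipver
                and s in self.net("src") and d in self.net("dst"))

    def covers(self, other):
        return (self.ipver == other.ipver
                and other.net("src").subnet_of(self.net("src"))
                and other.net("dst").subnet_of(self.net("dst")))

def evaluate(rules, src_ip, dst_ip):
    """First matching rule decides; no match falls through to default deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.descr
    return "block", "implicit default deny"

def shadowed(rules):
    """Rules that can never match because an earlier rule covers them."""
    return [(r.descr, e.descr) for i, r in enumerate(rules)
            for e in rules[:i] if e.covers(r)]

# Constructed rule sets and addresses (not the poster's configuration).
LAN_RULES = [
    Rule("pass", 4, "192.168.1.0/24", "any", "Default allow LAN to any"),
    Rule("block", 6, "any", "any", "Block IPv6"),
    Rule("pass", 4, "192.168.1.0/24", "10.0.0.0/24", "Allow LAN to WAN-side net"),
]
WAN_RULES = []  # nothing added on WAN: every new inbound connection is dropped

if __name__ == "__main__":
    print(evaluate(WAN_RULES, "10.0.0.20", "192.168.1.10"))  # WAN side -> LAN host
    print(shadowed(LAN_RULES))
```

Removing the "Block IPv6" entry from the constructed list leaves the IPv6 verdict unchanged, because the packet then falls through to the default deny.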

  • @KOM
    In the block that is disabled, and it's not working even now. The purpose is blocking some ports, but now I disabled that.

  • Well, the only rule that has seen any traffic at all is the Default allow LAN to any rule, so nothing is being blocked. That's why I suggested you try looking at it from the Synology side.
