Netgate Discussion Forum

    Another 2nd LAN issue

    Routing and Multi WAN
    • jhp

      Hi Everyone

      Have installed a firewall with CARP which works great for our main site (10.1.x.x) but traffic from our other LAN (10.2.x.x) can't get out.

      INTERNET <-> pfsense <-> 10.1.x.x LAN <-> routers <-> 10.2.x.x LAN

      So far I've-

      Added a static route to 10.2.x.x (which I can ping from the firewall)

      Altered the 'default LAN' entry to be '*' on my ruleset (which hopefully allows all traffic on the LAN interface to access ports specified)

      and

      Ticked 'Bypass firewall rules for traffic on the same interface' but to no avail.

      It's as though the traffic just gets stuck (dropped?) at the firewall. If I remove the pfSense box and put our old Watchguard back in, everything works fine so I know it isn't a routing issue external to the firewall.

      Anyone have any ideas what else I could try?

      Thanks for any help.

      John

      • GruensFroeschli

        Are you perchance using advanced outbound NAT?
        In this case you also need to create an outbound NAT rule.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • jhp

          Ah! Of course! I set it up to work with CARP since my external addresses are all virtual ones. smacks forehead

          I'll try to get into work early this week to create a new rule for 10.2.x.x and test it. The rule is only presently set to 10.1.x.x which would certainly explain the problem.

          Thanks!

          • Hotliner

            @jhp:

            Ah! Of course! I set it up to work with CARP since my external addresses are all virtual ones. smacks forehead

            I'll try to get into work early this week to create a new rule for 10.2.x.x and test it. The rule is only presently set to 10.1.x.x which would certainly explain the problem.

            Thanks!

            This Rocks… I had the same problem.. and it now works .... THANKS!!!
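
The cause found in this thread (manual outbound NAT covering only 10.1.x.x while 10.2.x.x is reached through a static route) can be checked mechanically. The following is an added example, not part of any poster's message and not pfSense code; the function name `uncovered`, the /16 prefix lengths and the rule lists are constructed assumptions, and the lists would be filled in by hand from the firewall's outbound NAT and static route pages.

```python
import ipaddress

def uncovered(internal_nets, nat_sources):
    """Map each internal network to the parts of it that no manual
    outbound NAT rule source matches (hypothetical audit helper)."""
    sources = [ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
               for s in nat_sources]
    gaps = {}
    for raw in internal_nets:
        remaining = [ipaddress.ip_network(raw)]
        for src in sources:
            nxt = []
            for net in remaining:
                if net.subnet_of(src):
                    continue                      # fully matched by this rule
                if src.subnet_of(net):
                    # rule matches only a slice; keep what is left over
                    nxt.extend(net.address_exclude(src))
                else:
                    nxt.append(net)               # rule and network are disjoint
            remaining = nxt
        if remaining:
            gaps[raw] = [str(n) for n in ipaddress.collapse_addresses(remaining)]
    return gaps

# Constructed sample data modelled on the thread (prefix lengths assumed).
INTERNAL = ["10.1.0.0/16",   # directly attached LAN
            "10.2.0.0/16"]   # second LAN behind the routers (static route)
RULES_BEFORE = ["10.1.0.0/16"]                 # rule set as first described
RULES_AFTER = ["10.1.0.0/16", "10.2.0.0/16"]   # after adding the missing rule

if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        gaps = uncovered(INTERNAL, rules)
        if not gaps:
            print(f"{label}: every internal network has an outbound NAT rule")
        for net, parts in gaps.items():
            print(f"{label}: {net} is routed but not NATed for {', '.join(parts)}")
```

A rule whose source is narrower than the routed network is reported with the exact leftover ranges, so a partly covered subnet is not mistaken for a covered one.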

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.