Another 2nd LAN issue



  • Hi Everyone

    Have installed a firewall with carp which works great for our main site (10.1.x.x) but traffic from our other LAN (10.2.x.x) can't get out.

    INTERNET <-> pfsense <-> 10.1.x.x LAN <-> routers <-> 10.2.x.x LAN

    So far I've:

    Added a static route to 10.2.x.x (which I can ping from the firewall)

    Altered the 'default LAN' entry to be '*' on my ruleset (which hopefully allows all traffic on the LAN interface to access ports specified)

    and

    Ticked 'Bypass firewall rules for traffic on the same interface' but to no avail.

    It's as though the traffic just gets stuck (dropped?) at the firewall. If I remove the pfSense box and put our old Watchguard back in, everything works fine so I know it isn't a routing issue external to the firewall.

    Anyone have any ideas what else I could try?

    Thanks for any help.

    John



  • Are you perchance using advanced outbound NAT?
    In this case you also need to create an outbound NAT rule.
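To make the diagnosis above concrete, here is a small Python model of how manual ("advanced") outbound NAT decides whether a packet leaving the WAN gets rewritten to the CARP VIP. It is an added illustration written for this thread, not pfSense code. The prefixes 10.1.0.0/16 and 10.2.0.0/16 come from the thread; the router address 10.1.0.254, the CARP VIP 203.0.113.10 and the Internet host 198.51.100.7 are assumed placeholders from the RFC 5737 documentation ranges.

```python
"""Model of pfSense manual (advanced) outbound NAT rule matching.

Constructed illustration for the thread above, not pfSense source code.
In manual outbound NAT mode only a packet whose source matches a rule on the
egress interface is rewritten; any other packet leaves the WAN with its
private source address intact and never sees a reply.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network

# Prefixes from the thread; the concrete addresses are assumed for the example.
LAN_NET = Net("10.1.0.0/16")          # directly attached to the pfSense LAN interface
REMOTE_NET = Net("10.2.0.0/16")       # the second LAN behind the internal routers
ROUTER_ON_LAN = IPv4("10.1.0.254")    # assumed next hop toward 10.2.x.x
CARP_VIP = IPv4("203.0.113.10")       # assumed shared (CARP) WAN address
INTERNET_HOST = IPv4("198.51.100.7")  # assumed destination on the Internet


@dataclass(frozen=True)
class Route:
    network: Net
    interface: str
    gateway: Optional[IPv4]  # None for a directly connected network


@dataclass(frozen=True)
class OutboundNatRule:
    interface: str  # egress interface the rule is bound to
    source: Net     # source network whose packets get rewritten
    target: IPv4    # address the source is rewritten to


# Routing table: LAN is connected, 10.2.x.x via the static route John added,
# everything else falls through to the default route on WAN.
ROUTES: List[Route] = [
    Route(LAN_NET, "lan", None),
    Route(REMOTE_NET, "lan", ROUTER_ON_LAN),
]
DEFAULT_ROUTE = Route(Net("0.0.0.0/0"), "wan", None)


def lookup_route(dst: IPv4, routes: List[Route]) -> Route:
    """Longest-prefix match; falls back to the default route via WAN."""
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        return DEFAULT_ROUTE
    return max(candidates, key=lambda r: r.network.prefixlen)


def outbound_nat(src: IPv4, egress_if: str,
                 rules: List[OutboundNatRule]) -> Optional[IPv4]:
    """First rule on the egress interface whose source matches wins.

    Returns the translated source, or None when no rule matches, which in
    manual mode means the packet leaves untranslated.
    """
    for rule in rules:
        if rule.interface == egress_if and src in rule.source:
            return rule.target
    return None


def forward(src: IPv4, dst: IPv4, rules: List[OutboundNatRule]) -> Dict[str, object]:
    """Trace one packet through route lookup and outbound NAT."""
    out = lookup_route(dst, ROUTES)
    translated = outbound_nat(src, out.interface, rules) if out.interface == "wan" else None
    # Replies come back to the VIP and are routed toward the original source;
    # for 10.2.x.x that is out the LAN interface again, via the internal router.
    reply = lookup_route(src, ROUTES)
    return {
        "egress": out.interface,
        "translated_src": translated,
        "reaches_internet": out.interface == "wan" and translated is not None,
        "reply_interface": reply.interface,
        "reply_next_hop": reply.gateway,
    }


# The ruleset as John described it (only the main site is translated)...
ORIGINAL_RULES = [OutboundNatRule("wan", LAN_NET, CARP_VIP)]
# ...and the ruleset with the extra rule for the second LAN.
FIXED_RULES = ORIGINAL_RULES + [OutboundNatRule("wan", REMOTE_NET, CARP_VIP)]


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        for host in (IPv4("10.1.5.20"), IPv4("10.2.5.20")):
            print(label, host, forward(host, INTERNET_HOST, rules))
```

With the original ruleset a host in 10.2.x.x is routed out the WAN but `outbound_nat` finds no matching rule, so the packet would leave with a 10.2.x.x source and the session never completes; with the added rule both subnets are rewritten to the VIP. The trace also shows why the static route matters: the reply to a 10.2.x.x host leaves pfSense on the same LAN interface it arrived on, via the internal router, which is exactly the traffic pattern the "Bypass firewall rules for traffic on the same interface" option is meant to cover.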



  • Ah! Of course! I set it up to work with CARP since my external addresses are all virtual ones. smacks forehead

    I'll try to get into work early this week to create a new rule for 10.2.x.x and test it. The rule is only presently set to 10.1.x.x which would certainly explain the problem.

    Thanks!



  • @jhp:

    Ah! Of course! I set it up to work with CARP since my external addresses are all virtual ones. smacks forehead

    I'll try to get into work early this week to create a new rule for 10.2.x.x and test it. The rule is only presently set to 10.1.x.x which would certainly explain the problem.

    Thanks!

    This Rocks… I had the same problem.. and it now works .... THANKS!!!

