How to get 2 separate networks to talk to each other?
-
rules are wrong
LAN net can already go everywhere with your first rule; as you can see, the states for the other rules are 0/0, so they never apply.
on the screenshot of Firewall / Rules / SERVER, that rule is wrong
you will never see traffic generated by LAN net on the SERVER net, that's why your states are 0/0
eventually source should be SERVER net and Destination LAN net or whatever
and you need a rule that permits source SERVER net and destination pfsense, as I think that 192.168.70.1 is pfsense.
192.168.70.2 is unable to talk to the dns resolver/dns forwarder (port 53)
-
For clarification, Pfsense has WAN, LAN and OPT 1 (which I renamed SERVER). The NAS server is 192.168.70.2
I created a rule to permit source SERVER net to destination 192.168.70.1 - the port 53 error is now resolved. However, I still cannot ping the NAS. What else am I missing?
-
from where are you pinging? from LAN?
-
@kiokoman Pinging from pfsense GUI (192.168.69.1)
-
i see no reason here, a ping should work from LAN to SERVER, maybe the NAS has its own firewall?
if there isn't anything new on the firewall log
ip protocol is set to IPv4 right?
-
Previous error cleared up in the log. The NAS is a fresh new install of Freenas and no settings have been modified yet. The NAS is directly plugged into pfsense router OPT 1. The NAS automatically grabs IPv4 with DHCP after plugging in.
-
Does your nas have a gateway set? That points back to pfsense 70.1 address?
Can you ping the NAS from pfsense server interface, ie 70.1 ?
Either the nas has firewall, or has no gateway. I would sniff on the server interface while you ping - do you see the pings going out to the nas IP? Is it the correct mac? If so then it's an issue with the traffic not actually getting to the nas, or the nas not answering, or the nas not having a way to answer because wrong gateway or no gateway.
-
yeah the problem is the freenas, maybe try to restart it / check its network interface / check its firewall
-
I think he has floating rules as well, since looks like he is blocking outbound traffic on his lan with those arrows before the interface name.
BTW - you might want to edit your firewall log pic, you're showing your wan IP there in those blocks to 1433 and 2236, oh your first pic of firewall rules is showing it as well.
-
that ipv6 blocking rule is due to the fact that he disabled ipv6 from here
i think that removing that creates a hidden floating rule
-
I have my NAS set up in the above picture after a new start over on the NAS. NAS gateway is pointing to 70.1
In addition, I have set pfsense DHCP server to identify the NAS by MAC address linking to 192.168.70.2 as static. I double checked and made sure the MAC of the NAS is matching correctly. I am not able to log in or ping my NAS at 192.168.70.2 from my LAN network. Traffic graph on my pfsense dashboard now shows activity on 192.168.70.1, previously nothing.
-
@ilovechickennuggets said in How to get 2 separate networks to talk to each other?:
I am not able to log in or ping my NAS at 192.168.70.2 from my LAN network
But can you ping it from the server IP on your pfsense?
-
@johnpoz Did you mean in pfsense - Diagnostics -> Ping 192.168.70.2? I'm not quite understanding this.
-
yes - exactly how you're pinging from the lan interface.. Just pick the server interface... example
-
No, 100% packet loss
-
eh now i remember an old 3d where someone enabled static arp and was unable to ping
did you perhaps enable static arp somewhere?
-
@kiokoman I have new information to present. I was doing my ping wrong using default as source. I was curious and tried again with LAN and also resulted in packet loss.
Static ARP is not enabled.
-
PING it from the SERVER IP of pfsense - change your source to server!!
-
-
Well sniff on pfsense server interface when you ping - looks like you have just plain connectivity problem..
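
The capture check suggested in the thread (sniff on the SERVER interface while pinging, then see whether the pings leave, whether they go to the correct MAC, and whether the NAS answers), as an added example that is not part of any post above. It assumes `tcpdump -e -n` style output; the `diagnose` function, the MAC addresses and the capture lines are constructed for illustration, and only the two IP addresses come from the thread.

```python
import re

# One line of `tcpdump -e -n` output: time, src MAC > dst MAC, ethertype, payload.
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>\w+) .*?: (?P<rest>.*)$"
)
ARP_REPLY = re.compile(r"Reply (\S+) is-at ([0-9a-f:]{17})")

def diagnose(capture, fw_ip, nas_ip, nas_mac):
    """Classify a capture taken on the SERVER interface while pinging the NAS."""
    arp_mac, requests, replies, wrong_mac = None, 0, 0, 0
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a link-level line we understand
        rest = m["rest"]
        arp = ARP_REPLY.match(rest) if m["etype"] == "ARP" else None
        if arp and arp.group(1) == nas_ip:
            arp_mac = arp.group(2)            # MAC the NAS IP resolved to
        elif rest.startswith(f"{fw_ip} > {nas_ip}: ICMP echo request"):
            requests += 1
            wrong_mac += m["dmac"] != nas_mac  # ping sent to some other MAC
        elif rest.startswith(f"{nas_ip} > {fw_ip}: ICMP echo reply"):
            replies += 1
    if replies:
        return "reply-seen"    # NAS answers on this segment; look elsewhere
    if requests == 0:
        # No ICMP left the interface: ARP never resolved, or wrong ping source.
        return "no-arp-reply" if arp_mac is None else "no-requests"
    if wrong_mac or (arp_mac and arp_mac != nas_mac):
        return "wrong-mac"     # pings go to a MAC that is not the NAS
    return "no-reply"          # requests on the wire, NAS silent (firewall/gateway)

FW_IP, NAS_IP = "192.168.70.1", "192.168.70.2"
FW_MAC, NAS_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs

# Constructed capture: ARP resolves, two echo requests go out, nothing returns.
SAMPLE_SILENT = f"""
12:00:00.000100 {FW_MAC} > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has {NAS_IP} tell {FW_IP}, length 28
12:00:00.000400 {NAS_MAC} > {FW_MAC}, ethertype ARP (0x0806), length 60: Reply {NAS_IP} is-at {NAS_MAC}, length 46
12:00:00.000500 {FW_MAC} > {NAS_MAC}, ethertype IPv4 (0x0800), length 98: {FW_IP} > {NAS_IP}: ICMP echo request, id 1, seq 0, length 64
12:00:01.000500 {FW_MAC} > {NAS_MAC}, ethertype IPv4 (0x0800), length 98: {FW_IP} > {NAS_IP}: ICMP echo request, id 1, seq 1, length 64
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE_SILENT, FW_IP, NAS_IP, NAS_MAC))
```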