How to get 2 separate networks to talk to each other?

ilovechickennuggets · Feb 29, 2020, 6:52 PM

TLDR: One IP was occupying 2 interfaces at the same time and the setting remained in ifconfig after deletion. The solution was check XML file and reboot pfsense to cleanly get rid of this from ifconfig.

How do I let my computer on 192.168.69.1 talk to the NAS server on 192.168.70.1? I can't log in the NAS with my computer. I don't know much about network stuff and tried to configure this with some information I learned from looking through posts in this forum and searching around. Please explain this to me as if I know nothing.

Phones, laptops, and etc are on different vlans managed by a switch.
There is no switch connecting the NAS server, and it plugs directly to the pfsense router.
I can ping successfully from pfsense to any device except the NAS server (100% packet loss). I have also tried doing the same again with windows firewall off and also resulted in packet loss.

Here are the firewall rules:
🔒 Log in to view

🔒 Log in to view

What other information can I provide to help solve this? Thank you!

kiokoman · Feb 25, 2020, 10:46 AM

rules are wrong
LAN net can already go everywhere with your first rule, as you can see the state for the other rules are 0/0 so they never apply

on the screenshot of firewall / Rules /SERVER
that rule is wrong
you will never see traffic generated by LAN net on the SERVER net, that's why your states is 0/0
eventually source should be SERVER net and Destination LAN net or whatever
and you need a rule that permit source SERVER net and destination pfsense as i think that 192.168.70.1 is pfsense.
192.168.70.2 is unable to talk to the dns resolver/dns forwarder (port 53)

🔒 Log in to view

ilovechickennuggets · Feb 25, 2020, 12:54 PM

@kiokoman
🔒 Log in to view

🔒 Log in to view

For clarification, Pfsense has WAN, LAN and OPT 1 (which I renamed SERVER). The NAS server is 192.168.70.2

I created rule to permit source SERVER net to destination 192.168.70.1- the port 53 error is now resolved. However, I still cannot ping the NAS. What else am I missing?

kiokoman · Feb 25, 2020, 1:03 PM

from where are you pinging ? from LAN ?

ilovechickennuggets · Feb 25, 2020, 1:01 PM

@kiokoman Pinging from pfsense GUI (192.168.69.1)

kiokoman · Feb 25, 2020, 1:06 PM

i see no reason here, a ping should work from LAN to SERVER, maybe the NAS has its own firewall ?
if there isn't anything new on the firewall log
ip protocol is set to IPv4 right?

ilovechickennuggets · Feb 25, 2020, 2:23 PM

@kiokoman

Previous error cleared up in the log. The NAS is a fresh new install of Freenas and no settings have been modified yet. The NAS is directly plugged into pfsense router OPT 1. The NAS automatically grabs IPv4 with DHCP after plugging in.

johnpoz · Feb 25, 2020, 1:12 PM

Does your nas have a gateway set? That points back to pfsense 70.1 address?

Can you ping the NAS from pfsense server interface, ie 70.1 ?

Either the nas has firewall, or has no gateway. I would sniff on the server interface while you ping - do you see the pings going out to the nas IP? Is it the correct mac? If so then its an issue with the traffic not actually getting to the nas, or the nas not answering, or the nas not having a way to answer because wrong gateway or no gateway.

kiokoman · Feb 25, 2020, 1:16 PM

yeah the problem is the freenas, maybe try to restart it / check its network interface / check its firewall

johnpoz · Feb 25, 2020, 1:22 PM

I think he has floating rules as well, since looks like he is blocking outbound traffic on his lan with those arrows before the interface name.

BTW - you might want to edit your firewall log pic, your showing your wan IP there in those blocks to 1433 and 2236, oh your first pic of firewall rules is showing it as well.

kiokoman · Feb 25, 2020, 1:25 PM

that ipv6 blocking rule is due to the fact that he disabled ipv6 from here
🔒 Log in to view

i think that removing that create a hidden floating rule

ilovechickennuggets · Feb 25, 2020, 2:04 PM

@johnpoz @kiokoman

I have my NAS set up in the above picture after a new start over on the NAS. NAS gateway is pointing to 70.1
In addition, I have set pfsense DHCP server to identify the NAS by MAC address linking to 192.168.70.2 as static. I double checked and made sure the MAC of the NAS is matching correctly.

I am not able to log in or ping my NAS at 192.168.70.2 from my LAN network. Traffic graph on my pfsense dashboard now shows activity on 192.168.70.1, previously nothing.

johnpoz · Feb 25, 2020, 2:10 PM

@ilovechickennuggets said in How to get 2 separate networks to talk to each other?:

I am not able to log in or ping my NAS at 192.168.70.2 from my LAN network

But can you ping it from the server IP on your pfsense?

ilovechickennuggets · Feb 25, 2020, 2:14 PM

@johnpoz Did you mean in pfsense - Diagnostics -> Ping 192.168.70.2? I'm not quite understanding this.

johnpoz · Feb 25, 2020, 2:16 PM

yes - exactly how your pinging from the lan interface.. Just pick the server interface... example

🔒 Log in to view

ilovechickennuggets · Feb 25, 2020, 2:18 PM

@johnpoz
🔒 Log in to view

No, 100% packet loss

kiokoman · Feb 25, 2020, 2:40 PM

eh now i remember an old 3d where someone enabled static arp and was unable to ping
did you perhaps enabled static arp somewhere?

ilovechickennuggets · Feb 25, 2020, 2:47 PM

@kiokoman I have new information to present. I was doing my ping wrong using default as source. I was curious and tried again with LAN and also resulted in packet loss.
🔒 Log in to view

🔒 Log in to view
🔒 Log in to view

Static ARP is not enabled.

johnpoz · Feb 25, 2020, 2:48 PM

PING it from the SERVER IP of pfsense - change your source to server!!

ilovechickennuggets · Feb 25, 2020, 2:52 PM

@johnpoz 🔒 Log in to view