Traffic from an IP-address behind Interface LAN1 does not reach the desired IP-address behind Interface LAN4 and vice-versa.

DebexeL · Apr 21, 2020, 5:53 PM

Below are all the rules I've made in pursuit of allowing such traffic. No success.

Help would be much appreciated!

viragomann · Apr 21, 2020, 8:22 PM

Ensure that the destination devices firewall does not block the access. By default system firewalls block access from outside the subnet they belong to.

DebexeL · Apr 22, 2020, 6:16 AM

@viragomann I do not have any firewalls apart from the one in pfSense.

For me, pfSense acts as the router/firewall/dhcp/dns resolver.

This is my layout:
ISP VDSL2 --> DMZ Eth4 --> pfSense WAN

pfSense's interfaces:

WAN (This is connected to my VDSL2 modem Eth4 which is in DMZ mode. This method provides the pfSense box a public IP, separate from our main home network.)

LAN1 has a computer connected to them directly, no switches etc..

LAN2 has no connected device at the moment (But is used for direct ethernet to device)

LAN3 has a computer connected to them directly, no switches etc..

LAN4 has a POE-powered Cisco AirLap 1600 series AccessPoint connected to it, which has three devices connected to it wirelessly (one of the devices is connected to my workplace via VPN, as all the traffic on that specific device is forced to go through the workplace network, either via VPN or real office ethernet/wireless)

I'll update my subnets here after work.

viragomann · Apr 22, 2020, 3:31 PM

@DebexeL said in Traffic from an IP-address behind Interface LAN1 does not reach the desired IP-address behind Interface LAN4 and vice-versa.:

I do not have any firewalls apart from the one in pfSense.
LAN1 has a computer connected to them directly, no switches etc..

So that computer and the other devices on LAN4 are not running firewalls? So you have deactivated it?

DebexeL · Apr 22, 2020, 3:31 PM

@viragomann
Ah, yes those devices do indeed have Windows firewalls on. I thought you meant like actual firewall hardware. My bad. :)

I'll check those too. Anyway, here are the subnet infos I promised.

WAN 1000baseT <full-duplex> 84.*********
LAN1 1000baseT <full-duplex,master> 10.0.0.1/28 (10.0.0.1 - 10.0.0.14 range / 10.0.0.10 - 10.0.0.14 for DHCP)
LAN2 none ......... 10.0.0.17/28 (10.0.0.17 - 10.0.0.30 / Fully allocated for DHCP)
LAN3 1000baseT <full-duplex> 10.0.0.33/28 (10.0.0.33 - 10.0.0.46 / Fully allocated for DHCP)
LAN4 1000baseT <full-duplex> 10.0.0.100/27 (10.0.0.97 - 10.0.0.126 / 10.0.0.101 - 10.0.0.126 for DHCP, 10.0.0.101 Static Leased for Access Point)