Routing between 2 LAN NIC

abidkhanhk

Hi, this question has probably been asked 10k times before i am kind of confused and hit a roadblock,

i got 2 LAN NIC on pfsense,

192.168.1.0/24
192.168.0.0/24

WAN DHCP- set as default gateway,

under interface assignment i have not set a default Gateway for either of the LANs, because once my PC is connect i can reach the public internet just fine,
However, i am unable to ping from 192.168.0.40 to 10.168.1.40

BUT when from 192.168.0.40 i CAN ping 192.168.1.1 , but not the rest of the network, I have disabled the firewall on the client machines but still no joy,

i have added the firewall rules on both LAN NIC for any to any allow, but still cannot ping
Kindly assist.

chpalmer

Windows machines treat anything outside of their own subnet as "public" and will block it as such.

Im going out on a small limb as blaming the firewall on the client machines even if you think they are disabled. Gateway on those machines should point to 192.168.1/0.1 Not your WAN gateway..

abidkhanhk

@chpalmer firewall on the Windows machine is disabled, in fact i also have a small Pi unit on the networks, on same network the ping is working fine, but cross network its not working

EDIT, Regarding Gateway, Should i create a new gateway for each Lan? i.e. 192.168.1.1 and 192.168.0.1 ? or just create a single one 192.168.1.1 and define that as default for all Gateway?
also when i run ipconfig in cmd., i can see that the dhcp server had already provided the gateway to the client Machine, like 192.168.0.1 for the 192.168.0.0/24 network, so is there still a need for setting a default gateway?

chpalmer

No gateways on the LAN interfaces.

You made the comment above- "WAN DHCP- set as default gateway," Is that on the WAN interface?

Are client machines all set with static or DHCP?

abidkhanhk

@chpalmer Sorry i meant to say WAN is a DHCP,

Both Lan gets their IP via DHCP,

chpalmer

Ok I see your edit.

Show your firewall rules for each LAN interface..

abidkhanhk

@chpalmer

- - LAN1 Address 443
    80 * * Anti-Lockout Rule

IPv4 * LAN1 net * * * * none Default allow LAN to any rule
IPv6 * LAN1 net * * * * none Default allow LAN IPv6 to any rule

for Lan2

IPv4 * LAN2 net * * * * none Default allow LAN to any rule
IPv6 * LAN2 net * * * * none Default allow LAN IPv6 to any rule

Both LAN interfaces have allowed for any to any traffic.

chpalmer

@abidkhanhk

Do you mean?

IPv4 * LAN1 net * * * * none Default allow LAN1 to any rule
IPv6 * LAN1 net * * * * none Default allow LAN1 IPv6 to any rule

for Lan2

IPv4 * LAN2 net * * * * none Default allow LAN2 to any rule
IPv6 * LAN2 net * * * * none Default allow LAN2 IPv6 to any rule

abidkhanhk

@chpalmer Yes, these are the default allow any to any rule,

chpalmer

@abidkhanhk

The 2nd LAN would not have a default rule. You would have had to make it up. That's why I wanted to verify that the rules were built right.

Pfsense by default routes between subnets. If the firewall rules are correct (a screenshot would be great) then the issue must lie on the client machines.

Example from one of my boxes.

abidkhanhk

@chpalmer I think i am screwing up somewhere on the switches... sigh

Thanks for your help~