Netgate Discussion Forum

    Communication between Subnets with their own Dedicated Interface

    Routing and Multi WAN
    2 Posts 2 Posters 462 Views
    an0nymity
      last edited by an0nymity

      Okay,

      So I am having problems communicating between subnets that I create Firewall Rules for on client devices. If I try communication from the pfSense firewall itself I get a response.

      I currently have a total of (9) interfaces. (1) interface is for WAN the remaining (8) are internal LAN subnets. I can go into detail if needed.

      1. I can communicate inter-subnet (Rule created for this)
      2. I can communicate from the subnets to the internet (Rule created for this)
      3. I cannot communicate from lan-subnet-1 to lan-subnet-2 (Rule created for this)

      Is there something I am missing? I can post screenshots upon request, just let me know what you would like to look at.

      [If something like this has been posted before, I apologize; I first searched and couldn't find anything similar that fit this problem]

      akuma1x @an0nymity
        last edited by akuma1x

        @an0nymity said in Communication between Subnets with their own Dedicated Interface:

        1. I can communicate inter-subnet (Rule created for this)
        2. I can communicate from the subnets to the internet (Rule created for this)
        3. I cannot communicate from lan-subnet-1 to lan-subnet-2 (Rule created for this)

        Ok, so going down the list:

        1. communication on the SAME subnet doesn't touch the pfsense firewall, it's all done on the switch that your devices are plugged into. You don't need any rules on the firewall to handle this type of traffic. You can witness this "doesn't touch" process by watching the states and traffic on the rules you have made that you think this traffic is going thru. It should say "0/0" for states and traffic.

        2. you always have to create rules for getting subnets/networks out to the internet, so plus 1 on that, you must have done it correctly. As an aside, an easy way to do this is to mimic the default LAN rules pfsense creates by itself.

        3. on your "lan-subnet-1" to "lan-subnet-2" rule, you lay it out like this. Pass all traffic on all ports for source "lan-subnet-1" NET to "lan-subnet-2" NET. Make sure this rule doesn't have any block rules above it that would stop the traffic flow. One final point, many operating systems now BLOCK, by default, traffic coming from other subnets. Even though you wrote a proper allow firewall rule, the host you're trying to get to might be blocking the traffic all by itself in its own firewall settings. Windows 7, 8, and 10 are notorious for doing this.

        Hope that helps.

        Jeff

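Points 1 and 3 of the reply above (same-subnet traffic never reaches pfSense; interface rules are first-match, so a block rule placed above the LAN1 net to LAN2 net pass rule wins) modelled as a small Python evaluator. This is an added example, not pfSense code or anything posted in the thread; the 10.0.1.0/24 and 10.0.2.0/24 addressing and the sample rules are constructed.

```python
import ipaddress

# Constructed addressing for two of the post's LAN interfaces (assumed, not from the post).
INTERFACES = {
    "lan-subnet-1": ipaddress.ip_network("10.0.1.0/24"),
    "lan-subnet-2": ipaddress.ip_network("10.0.2.0/24"),
}
LAN1, LAN2 = INTERFACES["lan-subnet-1"], INTERFACES["lan-subnet-2"]


def rule(action, src, dst, ports="any"):
    """A rule as it sits on the ingress interface tab: src/dst are networks or 'any'."""
    return {"action": action, "src": src, "dst": dst, "ports": ports}


def _matches(r, src, dst, dport):
    return ((r["src"] == "any" or src in r["src"])
            and (r["dst"] == "any" or dst in r["dst"])
            and (r["ports"] == "any" or dport in r["ports"]))


def evaluate(rules, src, dst, dport):
    """Verdict for the first packet of a flow, plus the index of the deciding rule.
    Only the initiating packet is evaluated; replies ride the state entry, which is
    why a rule that never sees new flows stays at 0/0 states in the GUI."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Point 1: hosts on the same subnet talk through the switch; pfSense never sees it.
    for net in INTERFACES.values():
        if src in net and dst in net:
            return ("switched", None)
    # Point 3: rules are checked top to bottom and the first match wins.
    for i, r in enumerate(rules):
        if _matches(r, src, dst, dport):
            return (r["action"], i)
    return ("block", None)  # no match: implicit default deny


# A block rule above the inter-subnet pass rule silently defeats it for those ports.
MISORDERED = [
    rule("block", LAN1, "any", {445, 3389}),
    rule("pass", LAN1, LAN2),  # "lan-subnet-1 net" -> "lan-subnet-2 net", all ports
]
# Moving the pass rule above the block rule restores LAN1 -> LAN2 on every port.
FIXED = [MISORDERED[1], MISORDERED[0]]

if __name__ == "__main__":
    for name, rs in (("misordered", MISORDERED), ("fixed", FIXED)):
        print(name, "10.0.1.10 -> 10.0.2.20:445 =>", evaluate(rs, "10.0.1.10", "10.0.2.20", 445))
    print("same subnet 10.0.1.10 -> 10.0.1.11:22 =>", evaluate(MISORDERED, "10.0.1.10", "10.0.1.11", 22))
```

Rule index 1 in MISORDERED only ever matches flows the block rule does not, so its state counter is where a misordering shows up first.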
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.