Communication between Subnets with their own Dedicated Interface



  • Okay,

    So I am having problems communicating between subnets that I create Firewall Rules for on client devices. If I try communication from the pfSense firewall itself I get a response.

    I currently have a total of (9) interfaces. (1) interface is for WAN the remaining (8) are internal LAN subnets. I can go into detail if needed.

    I can communicate inter-subnet (Rule created for this)
    I can communicate from the subnets to the internet (Rule created for this)
    I cannot communicate from lan-subnet-1 to lan-subnet-2 (Rule created for this)

    Is there something I am missing? I can post screenshots upon request, just let me know what you would like to look at.

    [If something like this has been posted before, I apologize; I first searched and couldn't find anything similar that fit this problem]



  • @an0nymity said in Communication between Subnets with their own Dedicated Interface:

    1. I can communicate inter-subnet (Rule created for this)
    2. I can communicate from the subnets to the internet (Rule created for this)
    3. I cannot communicate from lan-subnet-1 to lan-subnet-2 (Rule created for this)

    Ok, so going down the list:

    1. communication on the SAME subnet doesn't touch the pfsense firewall, it's all done on the switch that your devices are plugged into. You don't need any rules on the firewall to handle this type of traffic. You can witness this "doesn't touch" process by watching the states and traffic on the rules you have made that you think this traffic is going thru. It should say "0/0" for states and traffic.

    2. you always have to create rules for getting subnets/networks out to the internet, so plus 1 on that, you must have done it correctly. As an aside, an easy way to do this is to mimic the default LAN rules pfsense creates by itself.

    3. on your "lan-subnet-1" to "lan-subnet-2" rule, you lay it out like this. Pass all traffic on all ports for source "lan-subnet-1" NET to "lan-subnet-2" NET. Make sure this rule doesn't have any block rules above it that would stop the traffic flow. One final point, many operating systems now BLOCK, by default, traffic coming from other subnets. Even though you wrote a proper allow firewall rule, the host you're trying to get to might be blocking the traffic all by itself in its own firewall settings. Windows 7, 8, and 10 are notorious for doing this.

    Hope that helps.

    Jeff
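
The three points in Jeff's reply can be checked against a small model of how a pfSense interface ruleset is evaluated. The script below is an added example, not part of the thread and not pfSense code: it models first-match rule evaluation with an implicit default deny, treats same-subnet traffic as never reaching the firewall, and shows why a block rule placed above the "lan-subnet-1 NET to lan-subnet-2 NET" pass rule stops the flow. The subnet addresses (10.0.1.0/24 and 10.0.2.0/24), rule labels and sample hosts are constructed for illustration; the thread does not give the real addressing. The model covers only the pfSense side, so a host firewall on the destination (the last point in the reply) is outside what it can show.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed subnets standing in for "lan-subnet-1" and "lan-subnet-2"
# (assumed addressing; the thread does not state the real networks).
LAN1 = ip_network("10.0.1.0/24")
LAN2 = ip_network("10.0.2.0/24")
ANY = ip_network("0.0.0.0/0")   # models a destination of "any"


@dataclass(frozen=True)
class Rule:
    """One rule on an interface tab: action, source net, destination net, label."""
    action: str            # "pass" or "block"
    src: IPv4Network       # matched against the packet's source address
    dst: IPv4Network       # matched against the packet's destination address
    label: str


def evaluate(rules, src_ip, dst_ip):
    """Evaluate a packet entering on the lan-subnet-1 interface.

    Rules are checked top to bottom and the first match wins, as on a
    pfSense interface tab. If nothing matches, the implicit default deny
    applies. Traffic whose source and destination are in the same subnet is
    switched locally and never reaches the firewall, so no rule is consulted.
    Returns (verdict, label): verdict is "pass", "block" or "not-routed".
    """
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for net in (LAN1, LAN2):
        if src in net and dst in net:
            return ("not-routed", None)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return (rule.action, rule.label)
    return ("block", "default deny")


# Ruleset as described in the reply: pass lan-subnet-1 NET -> lan-subnet-2 NET.
GOOD_RULES = [
    Rule("pass", LAN1, LAN2, "pass LAN1 net -> LAN2 net"),
]

# Same pass rule, but a block rule sits above it and matches first.
BAD_RULES = [
    Rule("block", LAN1, ANY, "block LAN1 net -> any"),
    Rule("pass", LAN1, LAN2, "pass LAN1 net -> LAN2 net"),
]

# The "mimic the default LAN rule" approach: pass LAN1 net -> any.
DEFAULT_LAN_STYLE = [
    Rule("pass", LAN1, ANY, "pass LAN1 net -> any"),
]


def main():
    cases = [
        ("lan1 -> lan2, correct ruleset", GOOD_RULES, "10.0.1.10", "10.0.2.20"),
        ("lan1 -> lan2, block above pass", BAD_RULES, "10.0.1.10", "10.0.2.20"),
        ("lan1 -> lan2, default-LAN style", DEFAULT_LAN_STYLE, "10.0.1.10", "10.0.2.20"),
        ("lan1 -> lan1, same subnet", GOOD_RULES, "10.0.1.10", "10.0.1.11"),
        ("lan1 -> lan2, no rules at all", [], "10.0.1.10", "10.0.2.20"),
    ]
    for name, rules, src, dst in cases:
        verdict, label = evaluate(rules, src, dst)
        print(f"{name:36s} {src} -> {dst}: {verdict} ({label})")


if __name__ == "__main__":
    main()
```

Reading the output against the reply: the same-subnet case comes back "not-routed" without any rule being consulted, which is why the rule counters for that traffic stay at 0/0; the misordered ruleset blocks on the first matching rule even though the pass rule is present further down; and an empty ruleset falls through to the default deny.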

