• 3 post in 2 day...I'm I setting a record?

    Anyway, I have two VLAN's, 40 and 1001.
    40 has my domain controller with DHCP. 1001 has workstations.
    The only rules I have on both are allow any protocol from any source to any destination.
    My workstations on 1001 will not connect to DHCP. I tested ping and I can ping from 1001 to 40, but not 40 to 1001. I can only ping the 1001 gateway from a 40 system.
    If I manually plug in an IP address on a 1001 workstation, I can get to the internet.
    For some reason my 40 to 1001 communication is blocked.

  • Put up a screenshot of your VLAN40 rules and your VLAN1001 rules. Mask or black out anything "private" if you need to.


  • @tl5k5
    So you want to pull IP settings from the DHCP on the other subnet? Then you have to configure the DHCP relay on pfSense.

  • @akuma1x
    Here you go.

  • @tl5k5 It's generally good practice to set the SOURCE field in your firewall rules as the name of the interface the rule runs on.

    In your case, even though the ALLOW any rules on both interfaces are passing traffic, you might want to set the source(s) to LAN net and VLAN1001 net, respectively. I don't think that's keeping ping traffic from working, however.

    Sometimes, the hosts you're trying to access from different subnets have their own built-in firewalls that keep unwanted traffic out. Have you checked all of that, too?

    Other times, some hosts don't have firewalls, and they can be talked to from different subnets. As an example, I have a bunch of Roku boxes on a STREAM subnet. I can ping these guys all day long from my LAN subnet, simply by using the default allow LAN to any rule.


  • LAYER 8 Global Moderator

    @akuma1x said in can't ping one direction:

    hosts you're trying to access from different subnets have their own built-in firewalls

    Exactly - this comes up like daily here to be honest.. Why can I not access PC on other vlan..

  • @akuma1x @johnpoz @viragomann Thank you all. The DHCP relay did trip me up. I normally turn off private firewall on my Windows clients, but didn't on these workstations...so that got me too!
    I've been my own worst enemy on this config!!! :-\