rule to allow traffic between networks
- 
 Well you can see from the 0/10 on your rules that rule has been evaluated.. The order of those rules would allow access.. Do you have any rules on floating? Try pinging your lan IP from opt2 network.. Can you ping the pfsense lan IP? Which is part of lan net and should be allowed, even with your block firewall rule below that. 
- 
 @johnpoz no rules in floating. yes i was just able to ping the lan network ip, but not any computers on the lan network and can't access any shares on that network. 
- 
 @kirshman said in rule to allow traffic between networks: "but not any computers on the lan network and can't access any shares on that network."
 Well then, as we have been stating.. You have firewall on what you're trying to access in lan, or it's not pointing back to pfsense as its gateway.. If you want to prove that to yourself - then sniff on your lan interface in pfsense while you try and ping from your opt interface - do you see pfsense send on the traffic.. 
- 
 @johnpoz this is what i got back 
 11:53:20.374377 IP 192.168.3.11 > 192.168.1.230: ICMP echo request, id 1, seq 26, length 40
 does this mean somehow my windows firewall is blocking it? I'm not sure why i couldn't access our share folder though cause that's just running on a raspberrypi nas with no firewall.
- 
 Exactly! you sent on ping to that IP.. And no response! You sniffed on the LAN right? Out of the box windows firewall would block ping from anything other than its local network.. So 192.168.1.230 not going to answer something from 192.168.3.X that is not its local network. Who says pi doesn't have firewall? You can for sure run firewall on pi.. What pi OS are you running? 
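 The check described above (a request visible on the LAN capture with no reply coming back), as an added example that is not part of the original thread: a small Python parser that pairs ICMP echo requests with replies in tcpdump text output. The sample capture is constructed; only the 192.168.1.230 request line comes from the thread, and the 192.168.1.1 address and function names are assumptions.

```python
import re

# tcpdump's one-line ICMP echo format, as in the capture posted in the thread.
ICMP_RE = re.compile(
    r"^\s*(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echo_requests(lines):
    """Return sorted (src, dst, id, seq) for requests that never got a reply."""
    pending = {}
    for line in lines:
        m = ICMP_RE.match(line)
        if not m:
            continue  # ignore ARP, TCP, malformed lines, etc.
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = m["ts"]
        else:
            # A reply flows the opposite way with the same id and seq.
            pending.pop((m["dst"], m["src"], ident, seq), None)
    return sorted(pending)

def silent_hosts(lines):
    """Destinations that were pinged but never sent any echo reply."""
    requested, replied = set(), set()
    for line in lines:
        m = ICMP_RE.match(line)
        if m and m["kind"] == "request":
            requested.add(m["dst"])
        elif m:
            replied.add(m["src"])
    return sorted(requested - replied)

# Constructed sample capture taken on the LAN interface (illustrative values).
SAMPLE = """\
11:53:19.101200 IP 192.168.3.11 > 192.168.1.1: ICMP echo request, id 1, seq 25, length 40
11:53:19.101390 IP 192.168.1.1 > 192.168.3.11: ICMP echo reply, id 1, seq 25, length 40
11:53:20.374377 IP 192.168.3.11 > 192.168.1.230: ICMP echo request, id 1, seq 26, length 40
11:53:25.380112 IP 192.168.3.11 > 192.168.1.230: ICMP echo request, id 1, seq 27, length 40
11:53:25.400000 ARP, Request who-has 192.168.1.230 tell 192.168.1.1, length 28
""".splitlines()

if __name__ == "__main__":
    for src, dst, ident, seq in unanswered_echo_requests(SAMPLE):
        print(f"no reply: {src} -> {dst} id={ident} seq={seq}")
    print("silent hosts:", silent_hosts(SAMPLE))
```

 A host listed as silent here was reached by the forwarded request, so the place to look is that host's own firewall or its default gateway rather than the pfSense rules.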
- 
 Ok. I'll jump on and disable the firewalls to test after lunch. Thanks for all your help so far, I really appreciate it! 
- 
 I'm running raspbian on my pi. I ran sudo iptables -L and this is what i got. 
 Chain INPUT (policy ACCEPT)
 target prot opt source destination

 Chain FORWARD (policy ACCEPT)
 target prot opt source destination

 Chain OUTPUT (policy ACCEPT)
 target prot opt source destination

 It doesn't seem like anything would be blocked using this. I did confirm with adding that rule, and turning off firewalls i can ping, but i still can't access shares, or get the programs I want to talk to each other. just as a completely random chance, I'm trying to connect vmix to a propresenter ndi between these networks. when i check with vmix with 2 computers on LAN it sees it. the one on Opt2 still doesn't see the NDI. I know that's probably past the scope we're at, just on the off chance someone has worked through this I thought I'd throw it out there :) 
- 
 @kirshman said in rule to allow traffic between networks: "but i still cant access shares"
 How are you trying to access them? You're not going to be able to use discovery for example? You would have to hit the IP directly or via a fqdn that resolves to the proper IP. Your rule is any IPv4 - so if you're using IPv4, firewall not going to block anything. 
- 
 got it, was opening run and using \\pcname, but when i used the IP address that worked 
- 
 pcname isn't going to resolve, unless your client auto added suffix.. Or you were on the same L2 using a discovery protocol. pcname.domain.tld should be setup to resolve. Whatever domain and tld you're using. 
