2 LANs getting firewalled



  • network 1 - 192.168.0.x
    network 2 - 172.16.4.x
    pfsense - 192.168.0.102 & internet

    network 2 has no direct internet connection
    network 2 is connected to network 1 with a point-to-point leased line  192.168.0.100 <–> 172.16.4.1
    192.168.0.100 is on the LAN side of the pfsense box.

    Ping, etc. works fine both ways; the route is fine.
    network2 can connect to the internet just fine

    but pfsense wants to firewall the connection between network1 and network2 with a default deny rule for anything other than ping, it would seem.

    Jul 24 09:22:08 LAN 192.168.0.50:1459 172.16.4.47:135 TCP

    the default rule to pass all on the LAN is there.

    I even removed the "Block private networks" from the WAN just to check and nothing changed.

    What am I missing here?



  • The default rule on the LAN allows only "source: LAN-subnet".
    You need to create another allow rule with "source: network2-subnet".



  • I have the default rule
    plus an allow rule for 172.16.0.0/16 (any)
    I even added an allow for 192.168.0.0/24 which should duplicate the default rule.

    still getting '@72 block drop in log quick all label "Default deny rule"'

    I'll start adding allow rules for specific ports, maybe that will work.

    I have not installed any packages (yet).



  • Setting a static route on the individual machines on network1 to network2 seems to avoid the problem but doesn't fix the problem of the pfsense box firewalling LAN to LAN traffic that is routing through the box.



  • Found the answer in the Routing and Multi-WAN forum
    http://forum.pfsense.org/index.php/topic,18033.msg92978.html#msg92978

    @GruensFroeschli:

    Add the static route via the gui and not on the console.
    Under advanced activate the checkbox "disable firewall rules for traffic on the same interface"
    (or something like that, I don't remember how exactly it's called)

    thanks GruensFroeschli!
