No routing between local networks

NogBadTheBad

@gueaje The subnet mask and gateway is correct on each box, that you're trying to ping from & to ?

The interfaces are directly attached so it should work.

gueaje

@nogbadthebad said in No routing between local networks:

interfaces are directly attached so it should work.

Yes, I have checked and rechecked that since you pointed out earlier.
Also I tried to use ping tool from diagnostic menu in pfsense.
I can ping the hosts from respective pfsense interface (i.e. ping using LANSERVER to ping host in the same network), but it's not reachable if I change source address to LANCLIENT.

BTW, if it helps, hosts from both networks are able to access internet.
Can this configuration cause the issue? i.e. instead routing the traffic directly from LANSERVER to LANCLIENT, this setup cause the traffic directed to internet?

NogBadTheBad

@gueaje Is your default route your WAN gateway and are you using any sort of PIA ?

Diagnostics -> Routes

Gertjan

@nogbadthebad said in No routing between local networks:

@gueaje I'd be tempted to remove the floating

Tempted ? ;)
What about this one :

@gueaje
re create the firewall rule you've removed on the LAN interface when you installed pfSense.
By pure magic, things start to work.

If these are the rules on the LAN interface :

then, yeah, all traffic (except destination port 22 80 443 TC pfSense itself) goes into the default, last, hidden "black hole" rule. That included 'ping'.

Why did you remove the pass rule that was present in the beginning ? That comes with some punishment ;)

Btw : my advise : stay away from floating rules (leave them as you've found them : none).

gueaje

@nogbadthebad

I don't have PIA. (yet, still considering it. based on your question, looks like I have to put aside that consideration :) )

In the setup, I leave it as Automatic. Under Diagnostic route, it point to WAN1 right now.
Should I change it to LANCLIENT or LANSEVER?

gueaje

@gertjan
From fresh install, it was not working with default setup (no rule except "Anti-Lockout Rule).
Hence, I added floating rule to allow all for LAN networks, and it still not working.

Bob.Dig

@gueaje Just start over freshly.

NogBadTheBad

@gueaje Leave it as is.

I only asked about PIA as everything would route via your OpenVPN interface unless you has don't pull routes.

As you're not using PIA it should be fine.

Gertjan

@gueaje said in No routing between local networks:

@gertjan
From fresh install, it was not working with default setup (no rule except "Anti-Lockout Rule).

Read pfSense manual : Firewall Rule Best Practices

In a default two-interface LAN and WAN configuration, pfSense utilizes default deny on the WAN and default allow on the LAN.

This means you find the anti lockout rule and a pass rule on the LAN interface.

So, again, on a default pfSense you will find this pass rule on the interface called LAN (other interface are not assigned yet).
It is presumed that when you create other (more) LAN type interface, you copy this rule to your new LAN interfaces also. You have to change the "Source" while coping, of course.

gueaje

@bob-dig said in No routing between local networks:

@gueaje Just start over freshly.

Will need to find time later, probably over long weekend.
Currently can't afford downtime due to work from home.