Allow traffic between LAN and various other networks (OPTs)
-
@jarhead Thanks for your reply,
When I'm on the wapmngmnt network, I can ping devices that are on the network, but i can't ping the pfsense box. Which is very strange.
When on the fmvnet network, I can ping the pfsense box and other devices on the same network, but I can't ping anything on the wapmngmnt network.
@viragomann Thank you for your reply. I checked the firewall of the devices on the wapmngmnt network and nothing seems to be blocking anything specific. To be clear, these devices are Aruba networks antennas and they have just a very basic setup.
-
HI- is that your only fire wall rule on OPT and you may want to try Avahi in system/package manager.
-
@uglybrian Thanks for your reply.
Yes it is my only rule on this interface. I'll give avahi a look. -
@yannickbon You can try a second pass rule below your current rule.
Allow /WAPMANAGMENT net / to/ MAPMANAGMENT addresses -
@uglybrian Just tried it. Doesn't seem to affect anything. The pings are the same as described above.
-
@yannickbon
I'm wondering, what Avahi could do here.Did you investigate this:
@viragomann said in Allow traffic between LAN and various other networks (OPTs):Maybe the destination device is blocking the access from the other subnet by its own firewall.
?
-
@viragomann Avahi will do nothing for you.
Do you have a gateway set on the wapmgnt devices?
No dhcp, you'll have to set it manually. -
@viragomann Yes, as I stated before the devices on the network don't seem to have any rules blocking traffic.
@Jarhead No I don't have an upstream gateway. Could you explain why this would be necessary? I thought this was only necessary for WAN type networks.
The only thing I'm trying to do here is to allow traffic between my LAN (FMVNET) and my OPT1 (WAPMANAGMENT). And in a second time give WAPMANAGMENT internet access (but that's not the problem i'm trying to solve first).
-
The initial problem is sovled.
I have a netgate 7100. The issue was in the VLANs members in the switch configuration. I don't know why, but the interface was in two VLANs at the same time which I guess caused troubles.
Now I just gotta find out why I can't seem to connect this WAPMANAGMENT network to the internet.
I made these two very basic rules (basicaly a copy of the LAN rules but limited to WAN) but it doesn't seem to work.
-
@yannickbon
WAN net is only the (small) subnet which is assigned to the WAN interface.
This rule can be dangerous besides, since it would allow access to the web configurator using the WAN address.If you want to allow internet you need to set the destination to any.
To block access to your LAN add a block rule again to the top of the rule set. Also consider to block access to the pfSense web configurator.
-
@viragomann Finally! Thank you for you wonderful help. It's been very useful. Now to more testing