    Allow traffic between LAN and various other networks (OPTs)

    • Y
      YannickBon @Jarhead
      last edited by

      @jarhead Thanks for your reply,

      When I'm on the wapmngmnt network, I can ping devices that are on the network, but I can't ping the pfSense box, which is very strange.

      When on the fmvnet network, I can ping the pfsense box and other devices on the same network, but I can't ping anything on the wapmngmnt network.

      @viragomann Thank you for your reply. I checked the firewall of the devices on the wapmngmnt network and nothing seems to be blocking anything specific. To be clear, these devices are Aruba networks antennas and they have just a very basic setup.

      • U
        Uglybrian
        last edited by

        Hi, is that your only firewall rule on OPT? You may want to try Avahi in System / Package Manager.

        • Y
          YannickBon @Uglybrian
          last edited by

          @uglybrian Thanks for your reply.
          Yes it is my only rule on this interface. I'll give avahi a look.

          • U
            Uglybrian @YannickBon
            last edited by

            @yannickbon You can try a second pass rule below your current rule.
            Allow / WAPMANAGMENT net / to / WAPMANAGMENT addresses

            • Y
              YannickBon @Uglybrian
              last edited by

              @uglybrian Just tried it. Doesn't seem to affect anything. The pings are the same as described above.

              • V
                viragomann @YannickBon
                last edited by

                @yannickbon
                I'm wondering, what Avahi could do here.

                Did you investigate this:
                @viragomann said in Allow traffic between LAN and various other networks (OPTs):

                Maybe the destination device is blocking the access from the other subnet by its own firewall.

                ?

                • J
                  Jarhead @viragomann
                  last edited by

                  @viragomann Avahi will do nothing for you.

                  Do you have a gateway set on the wapmgnt devices?
                  No dhcp, you'll have to set it manually.

                  • Y
                    YannickBon @viragomann
                    last edited by

                    @viragomann Yes, as I stated before the devices on the network don't seem to have any rules blocking traffic.

                    @Jarhead No, I don't have an upstream gateway. Could you explain why this would be necessary? I thought this was only necessary for WAN type networks.

                    The only thing I'm trying to do here is to allow traffic between my LAN (FMVNET) and my OPT1 (WAPMANAGMENT), and, as a second step, give WAPMANAGMENT internet access (but that's not the problem I'm trying to solve first).

                    • Y
                      YannickBon
                      last edited by

                      The initial problem is solved.

                      I have a Netgate 7100. The issue was in the VLAN members in the switch configuration. I don't know why, but the interface was in two VLANs at the same time, which I guess caused trouble.

                      Now I just gotta find out why I can't seem to connect this WAPMANAGMENT network to the internet.
                      I made these two very basic rules (basically a copy of the LAN rules but limited to WAN) but it doesn't seem to work.
                      Capture d’écran 2022-12-12 165250.jpg

                      • V
                        viragomann @YannickBon
                        last edited by

                        @yannickbon
                        WAN net is only the (small) subnet which is assigned to the WAN interface.
                        Besides, this rule can be dangerous, since it would allow access to the web configurator using the WAN address.

                        If you want to allow internet you need to set the destination to any.

                        To block access to your LAN, add a block rule again to the top of the rule set. Also consider blocking access to the pfSense web configurator.

                        Y 1 Reply Last reply Reply Quote 1
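
The rule behaviour described in the reply above, as an added example that is not part of the original thread: a first-match evaluator run over the "destination WAN net" rule and over a rule set laid out as the reply advises. All addresses, the port 443 web configurator and the function names are constructed assumptions; every rule is taken to sit on the OPT1 interface with source WAPMANAGMENT net.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the thread).
LAN_NET = ip_network("192.168.1.0/24")      # FMVNET
OPT1_NET = ip_network("192.168.20.0/24")    # WAPMANAGMENT, source of every rule
WAN_NET = ip_network("203.0.113.0/29")      # small subnet on the WAN interface
FIREWALL_ADDRS = [ip_network(a) for a in    # the firewall's own interface addresses
                  ("192.168.1.1/32", "192.168.20.1/32", "203.0.113.2/32")]
ANY = [ip_network("0.0.0.0/0")]
GUI_PORT = 443                              # assumed web configurator port


def rule(action, dst, port=None):
    """One interface rule; port=None means any destination port."""
    return {"action": action, "dst": dst, "port": port}


def evaluate(rules, dst_ip, dst_port):
    """Top-down, first match wins; no match falls through to default deny."""
    dst = ip_address(dst_ip)
    for r in rules:
        if any(dst in n for n in r["dst"]) and r["port"] in (None, dst_port):
            return r["action"]
    return "block"


# Rule as posted: pass to "WAN net" only.
ORIGINAL = [rule("pass", [WAN_NET])]

# Layout per the reply: block LAN first, block the GUI, then pass to any.
CORRECTED = [
    rule("block", [LAN_NET]),
    rule("block", FIREWALL_ADDRS, GUI_PORT),
    rule("pass", ANY),
]


def report(rules):
    probes = {"internet": ("198.51.100.10", 443),
              "wan_gui": ("203.0.113.2", 443),
              "lan_host": ("192.168.1.50", 22),
              "opt1_gui": ("192.168.20.1", 443),
              "dns_on_fw": ("192.168.20.1", 53)}
    return {name: evaluate(rules, ip, port) for name, (ip, port) in probes.items()}


if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, report(rs))
```

With the posted rule, the only destination that passes is the firewall's own WAN address; with the corrected order, internet traffic and DNS to the firewall pass while the LAN and the web configurator stay blocked.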
                        • Y
                          YannickBon @viragomann
                          last edited by

                          @viragomann Finally! Thank you for your wonderful help. It's been very useful. Now to more testing.
