Netgate Discussion Forum

Allowing traffic from a different subnet interface

Routing and Multi WAN
  • I
    ivanjrx
    last edited by Jun 15, 2023, 5:27 AM

    Hi Guys,

    I have the below flow chart
    alt text

    • Interface A -> subnet 10.10.10.17/24 is coming from pfsense and it's providing the DHCP; the DNS is coming from my piHole (10.10.10.2) on that network

    • Interface B -> subnet 172.168.2.2/24 has its own Windows Server which has the DHCP and DNS; pfsense is only providing 172.168.2.1 as a router

    Q: I have an app on IP 10.10.10.3, but I cannot access it from subnet 172.168.2.2/24. What can I do to allow that traffic?
    Oddly enough, I do have access to my Pihole 10.10.10.2

    • V
      viragomann @ivanjrx
      last edited by Jun 15, 2023, 9:33 AM

      @ivanjrx said in Allowing traffic from a different subnet interface:

      Q: I have an app on IP 10.10.10.3, but I cannot access it from subnet 172.168.2.2/24. What can I do to allow that traffic?

      Probably the host is blocking access from outside of its subnet.
      Configure its firewall to allow it.

      • I
        ivanjrx @viragomann
        last edited by ivanjrx Jun 16, 2023, 2:30 AM Jun 16, 2023, 2:30 AM

        @viragomann
        I did these rules but still the same issue. Am I not doing it wrong?
        alt text

        ps. I did one per the interface

        • S
          SteveITS Galactic Empire @ivanjrx
          last edited by Jun 16, 2023, 2:38 AM

          @ivanjrx Firewall rules apply on inbound packets. In your rules if the rule is on Management the source can never be External.

          Also as @viragomann mentioned ensure the server 10.10.10.3 allows access from other subnets.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • I
            ivanjrx @SteveITS
            last edited by ivanjrx Jun 16, 2023, 3:39 AM Jun 16, 2023, 3:27 AM

            @SteveITS
            Thank you for your reply.

            They are all internal.
            Other subnets for WIFI have access to 10.10.10.3

            The only difference is that Interface B -> subnet 172.168.2.2/24 is behind its own dhcp server and shooting for its own dns from the windows side.

            Oddly enough, I have access to my pihole, which is on the same subnet that I'm trying to reach and is sitting on 10.10.10.2

            • C
              chpalmer @ivanjrx
              last edited by Jun 16, 2023, 3:50 AM

              @ivanjrx

              While it shouldn't matter for this.. 172.168.2.2 is not "private addressing" and really should not be used unless you are the owner of that address space..

              As mentioned.. are you sure your Windows machines' firewalls are configured correctly? Windows by default will block anything outside its own subnet..

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              • I
                ivanjrx @chpalmer
                last edited by ivanjrx Jun 16, 2023, 4:19 AM Jun 16, 2023, 4:16 AM

                @chpalmer for the sake of the testing the firewall on the Domain controller and the client are off where I conduct the test, followed by a
                ipconfig /release & ipconfig /renew

                also the firewall in pfsense
                for 10.10.10.3 is only 3 rules:

                • default block out
                • ipv4
                • ipv6 -- although I'm only using IPv4

                As for 172.168.2.1

                • default to allow traffic on ipv4
                • I
                  ivanjrx @ivanjrx
                  last edited by Jun 16, 2023, 4:31 AM

                  @ivanjrx
                  OMG! Oh, you guys!
                  I just answered my silly question in the last comment.
                  On the pfSense it's only running on IPv4, but Windows is using both IPv4 + IPv6.
                  I'm sure it was coming in as IPv6 and therefore it was getting blocked. I just allowed both protocols in the rules and I can now hit that app. Duh! 😅

                  The only explanation I have for how I was hitting the traffic for 10.10.10.2 before is because it is a DNS server. Other than that, I can live with that mystery...

                  Moderators can now mark this as Solved

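Added example, not from any poster in this thread: a simplified Python model of the two points raised above, that a rule is evaluated on the interface where the packet arrives and that a rule only matches its own address family. The interface labels IF_A/IF_B, the /24 network forms, the client address and the 2001:db8 addresses are constructed, and the model assumes first-match evaluation with default deny and no routed networks behind either interface.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    interface: str  # interface tab the rule sits on = where the packet ARRIVES
    action: str     # "pass" or "block"
    family: int     # 4, 6, or 0 for IPv4+IPv6
    source: str     # CIDR or "any"
    dest: str       # CIDR or "any"

def _match(addr, spec):
    if spec == "any":
        return True
    net = ipaddress.ip_network(spec)
    return addr.version == net.version and addr in net

def evaluate(rules, in_if, src, dst):
    """First matching rule on the arrival interface wins; no match means default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.interface != in_if or (r.family and r.family != s.version):
            continue
        if _match(s, r.source) and _match(d, r.dest):
            return r.action
    return "block (default deny)"

def misplaced(rules, if_nets):
    """Rules whose source cannot arrive on their interface (assumes no routed networks behind it)."""
    bad = []
    for r in rules:
        if r.source == "any":
            continue
        src = ipaddress.ip_network(r.source)
        nets = (ipaddress.ip_network(n) for n in if_nets[r.interface])
        if not any(n.version == src.version and n.overlaps(src) for n in nets):
            bad.append(r)
    return bad

# Constructed sample data: interface names IF_A / IF_B are hypothetical labels.
IF_NETS = {"IF_A": ["10.10.10.0/24"], "IF_B": ["172.168.2.0/24"]}
WRONG = [Rule("IF_A", "pass", 4, "172.168.2.0/24", "10.10.10.3/32")]  # source never arrives on IF_A
FIXED = [Rule("IF_B", "pass", 4, "172.168.2.0/24", "10.10.10.3/32")]  # rule on the arrival interface

if __name__ == "__main__":
    print(evaluate(WRONG, "IF_B", "172.168.2.50", "10.10.10.3"))
    print(evaluate(FIXED, "IF_B", "172.168.2.50", "10.10.10.3"))
    print(evaluate(FIXED, "IF_B", "2001:db8:2::50", "2001:db8:10::3"))
    print([r.interface for r in misplaced(WRONG + FIXED, IF_NETS)])
```

`misplaced` is the audit half: run over an exported rule list, it flags pass rules that can never match because their source subnet is not attached to the interface they were created on.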