Firewall Can Ping Device From VLAN But Device CANNOT
-
I have my firewall set up with the main lan (192.168.5.1) and two secondary vlans, six (.6.1) and seven (.7.1). I have a storage device on my main lan (.5.15) that I want both vlans to be able to access.
I set up an allow rule for each of these vlans. The rule for the seven network is action: pass, interface: seven, address family: ipv4, protocol: tcp/udp, source: seven net, destination: single host - 192.168.5.15. This was an exact copy of how I had it set up for the six network except the interface and source differences. I also placed this rule at the very top of the list.
Devices on the six network can access the shared lan device (.5.15). However, when I try from a device on the seven network I get nothing.
If I run a ping from within pfSense from each of the associated VLANs, they come back with a response. When I try from a laptop on the seven network to the shared device, it doesn't respond. Tracert from the laptop shows nothing. The
What could I be missing or how can I help find out what's going on?
-
@CommonSense Well, at least the problem with ping can be easily explained - the rule you described is for TCP and UDP, but not ICMP. Can you access the device when you add a temporary "Allow All" rule to the "seven" interface? What kind of storage device are you using? Maybe it's the device itself blocking access from other networks. I've had this problem with a WD NAS, where I needed to use NAT to access the web interface.
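
The protocol mismatch described in the reply above, as an added example that is not part of the original thread: a simplified first-match model of interface rules with an implicit default deny, run against the rule from the question. The /24 mask, the laptop address 192.168.7.50 and all names in the code are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    protocols: frozenset             # protocols this rule matches
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network

def evaluate(rules, proto, src, dst):
    """Return (action, index) of the first matching rule.

    Traffic that matches no rule hits the implicit default deny,
    reported here as ("block", None).
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    for index, rule in enumerate(rules):
        if (proto in rule.protocols
                and src in rule.source
                and dst in rule.destination):
            return rule.action, index
    return "block", None

# Assumption: the "seven net" alias covers a /24.
SEVEN_NET = ipaddress.ip_network("192.168.7.0/24")
NAS = ipaddress.ip_network("192.168.5.15/32")

# The rule as described in the question: protocol tcp/udp only.
AS_POSTED = [Rule("pass", frozenset({"tcp", "udp"}), SEVEN_NET, NAS)]

# Same rule set with an explicit ICMP pass rule appended.
WITH_ICMP = AS_POSTED + [Rule("pass", frozenset({"icmp"}), SEVEN_NET, NAS)]

def report(rules, laptop="192.168.7.50"):
    """Verdict per protocol for a constructed laptop address on seven."""
    return {proto: evaluate(rules, proto, laptop, "192.168.5.15")[0]
            for proto in ("tcp", "udp", "icmp")}

if __name__ == "__main__":
    print("as posted:", report(AS_POSTED))
    print("with icmp:", report(WITH_ICMP))
```

With the rule as posted, SMB over TCP is allowed while ping falls through to the default deny, so a failed ping from the laptop says nothing about whether the share is reachable.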
-
@paoloposo Yep, that seemed to be my issue. I was too focused on the ping! I simply rebooted both my NAS and firewall and was able to access it via smb & ip. Thanks!