Routing between subnets/VLANs
-
Ok, I'm a hobbyist and not an IT guy, so this will probably be a n00b level question (and I hope I'm even posting in the correct section of the forum). Sometime back I had so many clients on the network that I decided to put all of the wireless devices on a separate subnet, handled with a VLAN. It mostly works, except some devices have no problem talking with others on the other subnet, and others won't.
All of the wired devices are on 192.168.1.0/24 on one interface, and all of the wireless devices are on 192.168.3.0/24 on a VLAN. I can't see why some devices have no issues talking to others on the other subnet, and sometimes what works on some doesn't make sense. So I was setting up a new laptop, and it had no problem mapping a network drive on the wired network to one server, but it will NOT see the other server that's on the wired subnet.
I have firewall rules in place to pass all traffic between the two, so I'm at a loss.
Suggestions?
-
@brannenj Almost always gonna come down to software firewalls on the PCs themselves, but post a pic of your rules from both networks. Unless they really are just ANY/ANY rules. Then most likely software firewalls.
-
@Jarhead yeah the rules are any/any...but if it was software firewall I would think the lack of access would be more consistent. Also, some of the devices aren't firewalled because they aren't PCs....WAPs, for example.
-
@brannenj said in Routing between subnets/VLANs:
but it will NOT see the other server that's on the wired subnet.
What do you mean by "see"? Like discovery? That is not going to work across VLANs. Can you ping the device by IP? Can pfsense itself ping the device?
You sure the device you're trying to map the device to is using pfsense as its gateway? If it's Windows, for example, out of the box you wouldn't normally be able to map a drive from something other than your local network.
Is this server running a VPN? That can prevent access from other stuff that is local, etc.
-
@johnpoz can't ping the devices in question, even by IP (unless you're on the same subnet), and neither of the servers are running VPN. And I'm using "server" here in a fairly loose sense; these are dedicated machines used for specific purposes...one is a file server and hosts security cameras, the other is for plex. I'm not running a domain controller or anything like that.
But it's weird because it isn't consistent. So, the laptop can reach a wired printer...but only if I manually supply the IP address...the driver setup won't find the printer on its own, which it will if you install that printer driver on a machine on the wired network subnet.
No problem pinging any of the affected devices from pfSense. This is my home network, so everything is behind this single firewall. My switch is also configured with VLANs that correspond to the wired and wireless subnets, and the only thing wired to the "wireless" VLAN are the APs.
-
@brannenj that screams firewall on the device..
Simple test.. from your wireless vlan ping the IP of the server, when you sniff on pfsense interface on the server interface.. Do you see pfsense send on the ping? If so - and no response then there is something on that device not answering the ping, ie firewall..
Here... pinging another on one of my vlans 192.168.2.50, from my 192.168.9.100 device.. While sniffing on the interface the 2.50 device is on..
If you only see the request, then pfsense sent on the traffic, but the device you're pinging is not answering.
If you don't even see the ping requests go out, then pfsense never saw it? You're policy routing traffic, or your rules are not actually any/any. If you don't even see the requests go out on the interface for the server, validate the traffic gets there by sniffing on the pfsense wifi network interface.