VLAN, LAN can ping trunk, cannot ping any devices

brianjmc1

Newbie screwed up terminology - sorry about that!!!!
No VLAN, I have WAN, LAN and LAN2, on three of the interfaces... Two physical different LANS

I want LAN to be able to pass traffic to LAN2. I do not want LAN2 to be able to pass traffic to LAN.

again, setting up security cameras on LAN2 and want to keep any traffic out of LAN. I do want to be able to access the cameras, that's why I want LAN to be able to pass traffic to LAN2.

Currently LAN can ping LAN2 trunk only(no devices on LAN2).
Lan2 can ping LAN only trunk(no devices on LAN).

Jarhead

@brianjmc1 Ok. So this is not the firewalls problem. From what you say, it screams of a gateway issue on the devices.
Just to recap, all devices on LAN can access each other and the internet.
All devices on LAN2 can access each other and the internet.
Nothing on LAN can access LAN2.
Nothing on LAN2 can access LAN.
Is that correct?

I would hook up a laptop (turn off software firewalls on it) on LAN2 and use that for testing, stay away from the cams for now. Make sure it gets a DHCP address, then ping the gateway (by the way, it's not a trunk, it's a gateway. just for clarification). Make sure you can access the internet. Then ping something on the LAN. All that should pass by the rules you have.
Then try to ping the LAN2 laptop from a device on the LAN. Should also pass by rules.

If all that is good, look at the cams. Again, sounds like a gateway problem.

brianjmc1

@Jarhead

1. Yes, all devices on LAN can access each other and the internet
2. Yes, all devices on LAN2 can access each other and the internet
   LAN devices can only ping Gateway 192.168.20.1 on LAN2
   LAN2 devices can only ping Gateway 192.168.10.1 on LAN

Already have laptop on LAN2, that I can remote to so i can play in LAN2 for testing. Its getting DHCP and again, can ping LAN gateway(192.168.10.1), but no other devices.

So again, LAN cannot access anything on LAN2 and LAN2 cannot access anything on LAN - as of right now...

thanks,
Brian

Jarhead

@brianjmc1 And any software firewalls are off? Windows defender for example.
Nothing in pfSense is blocking traffic between the 2 so you have to look at the devices.

brianjmc1

No firewall on laptop, only for me to get at the other side for testing. Maybe it needs a reboot...

Thanks,
brian

Jarhead

@brianjmc1 Start using the packet capture in that case.
Filter it to pings from the laptops IP, start it on the LAN interface and do a ping from the laptop to LAN. See if the requests are getting to the LAN and the device is replying. Then start it on the LAN2 side and see if the replies are getting through.

brianjmc1

OK, in my home lab, I built a brand new PFsense 2.6
configured WAN, LAN, OPT1

Out of the box, LAN has internet , OPT1 does not...
added rule for Opt1, now it has internet.

No pinging from LAN to OPT1 devices or OPT1 to LAN devices
added a rule on LAN to pass traffic to OPT1
added a rule on OPT1 to pass traffic to LAN

It works and can access either direction......

must be something wrong with original PFsense that i have been trying...
that's my only conclusion.... extremely frustrating....

only other difference is on original not working right, I have openVPN and IPSEC tunnels..

I need a drink!!!!!!

Jarhead

@brianjmc1 Oh, Maybe you have overlapping subnets on the VPN's?
How about any policy routing?
Did you try the packet capture?

A Former User

@brianjmc1

If you do not have VLANs, you have no need for a trunk. You should use access ports on your switch instead.

brianjmc1

no VLANS, 2x LANS, two different physical networks off of 2x interfaces....

Wan, LAN, OPT1

thanks,
Brian

A Former User

@brianjmc1

Yeah, that's how I understood that. But, how do you connect pfSense to your network? The issue seems to be with that connection, not pfSense. How's your switch configured?

brianjmc1

@kjk54 sorry, my misunderstanding!!!!

I have two physical not connected, dumb LANS - best way i can say it...

Switch one connects to LAN and connects most devices
Switch two connects to OPT1 and then connects a security camera system

Trying to keep all traffic of OPT1 from getting to LAN...

My PFsense has 4 physical ports WAN, LAN, OPT1, OPT2(not used)

A Former User

@brianjmc1

2 unmanaged switches?

brianjmc1

Yes, sir

A Former User

@brianjmc1

I've reread your post. Do I understand it correctly, that now your issue is that the OPT1 network can access the LAN network?

brianjmc1

Original pfsense, lan cannot access opt1, opt1 cannot access lan

Little while ago setup a brand new pfsense.... after adding opt1 rule for internet and lan access opt1, and opt1 access lan, it works, so issue with original pfsense...

Thanks,
Brian

A Former User

@brianjmc1

I'm having difficulties understanding the issue. It would help if you do not compare some setups, but just say what the issue is with the current setup.

brianjmc1

please see message #7 for the issue....
thanks!

Jarhead

@brianjmc1 Did you do the packet capture?

A Former User

@brianjmc1

#7?

'OK, in my home lab, I built a brand new PFsense 2.6
configured WAN, LAN, OPT1

Out of the box, LAN has internet , OPT1 does not...
added rule for Opt1, now it has internet.

No pinging from LAN to OPT1 devices or OPT1 to LAN devices
added a rule on LAN to pass traffic to OPT1
added a rule on OPT1 to pass traffic to LAN

It works and can access either direction......

must be something wrong with original PFsense that i have been trying...
that's my only conclusion.... extremely frustrating....

only other difference is on original not working right, I have openVPN and IPSEC tunnels..

I need a drink!!!!!!"

Well, saying it is "not working right" doesn't say much. I think I need to say bye. Sorry.