Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to access LAN subnets from PfSense

    Routing and Multi WAN
    3
    8
    480
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      uvalleza
      last edited by uvalleza

      Hi all, I am wondering if someone can point me in the right direction.

      So the issue i am having is that I cannot ping the VLANs from pfsense to Ubiquiti UDM. High level this is what I have.

      Modem
      192.168.1.1

      v

      Pfsense
      Public IP on WAN (XX.XX.XX.XX)
      LAN IP on LAN (10.1.5.0/24) 10.69.5.1

      ^ OK
      v BROKEN

      Dream Machine UDM
      10.1.5.4 -> WAN IP From Pfsense
      10.1.1.0/24 Default VLAN
      10.1.2.0/24 Main VLAN
      10.1.3.0/24 Servers VLAN
      10.1.4.0/24 Camera VLAN
      VLAN 5 - Set as Third Party Gateway
      10.20.1.0/24 Guest VLAN

      ^ OK
      v OK

      Switch Enterprise 24 port
      Have all my devices connecting here

      So from my switch/internal devices I can ping every device including the pfsense firewall and modem but from my pfsense firewall I cannot ping anything internal. I have tried multiple combinations to try to get this working and while I know one of the options is to just get rid of the Dream Machine or have Pfsense manage all the devices, I am not trying to do that since I've heard and seen post people claiming it can be done but I cannot find specific instructions on how to do so.

      At this point, it is my understanding that Pfsense has no idea that the other VLANs exists and I've tried multiple combinations as far as creating the VLANs and firewall rules but honestly, have no idea what I'm doing, when it comes to networking. The only hint I've gotten is to do Inter VLAN rules but unsuccessful.

      Any help would be appreciated.

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @uvalleza
        last edited by

        @uvalleza the Dream Maxine is NATting? You probably need static routes. See

        https://docs.netgate.com/pfsense/en/latest/troubleshooting/packet-loss.html#routing-problems
        https://docs.netgate.com/pfsense/en/latest/routing/static.html

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        U 1 Reply Last reply Reply Quote 0
        • U
          uvalleza @SteveITS
          last edited by

          @SteveITS

          Hey Steve, tried that but for some reason it doesnt let me add the route. I'm trying to set the WAN interface to route to my default 10.1.1.0/24 Default VLAN but it errors out. Maybe ill spend some time to see why it doesn't let me add a static route to it.

          U 1 Reply Last reply Reply Quote 0
          • U
            uvalleza @uvalleza
            last edited by

            So just a quick update no success so far, the only thing I can think of is that it is not working because it already has the default gateway ip to 10.1.1.1. At this point, I'm considering leaving as is since everything else is working. The main reason I wanted to see if I can get this to work is because i have tailscale setup on pfsense but when I vpn in, i cannot see my cameras and i didnt want to enable remote access on the Ubiquiti system. For now, i guess ill leave it on.

            V 1 Reply Last reply Reply Quote 0
            • V
              viragomann @uvalleza
              last edited by

              @uvalleza said in Unable to access LAN subnets from PfSense:

              only thing I can think of is that it is not working because it already has the default gateway ip to 10.1.1.1.

              pfSense?

              I'd expect, that you have a public default gateway, since you have a public WAN as you stated above.

              U 1 Reply Last reply Reply Quote 0
              • U
                uvalleza @viragomann
                last edited by uvalleza

                @viragomann this is in the Dream Machine. I am showing in my Dashboard

                WAN IP (Port 10) 10.1.4.13
                Gateway IP 10.1.1.1

                I was trying to set a static route from 10.1.4.13 -> 10.1.1.1 but dream machine just throws a generic error with no details as why I cannot add it.

                So, while I am getting internet from the pfsense, the pfsense itself cannot ping any computer/device inside my network (Dream machine).

                So my devices that are setup in the dream machine can both hit the internet/pfsense/modem, pfsense itself cannot hit anything inside the dream machine or the dream machine itself. Not sure if that makes sense.

                V 1 Reply Last reply Reply Quote 0
                • V
                  viragomann @uvalleza
                  last edited by

                  @uvalleza
                  You have to add the static route on pfSense.
                  System > Routing

                  On the gateway tab add a gateway with the WAN-IP of the Dream machine.
                  Then rout to the Static Routes tab and add a route, e.g. for the cams:
                  Network:10.1.4.0/24
                  Gateway: the DM-GW you added before

                  U 1 Reply Last reply Reply Quote 0
                  • U
                    uvalleza @viragomann
                    last edited by uvalleza

                    @viragomann

                    Hey so, I finally got to this and I did the following:
                    I went to System > Routing and setup a new gateway
                    10.1.4.13 -> This didn't work when I went to the status tab it showed this route as offline so I changed it to (FYI this is the current IP assigned to the DreamMachine WAN Port)
                    10.1.4.1 -> This immediately showed as online

                    I then went into Static Routes and did the following:
                    Add -> Destination Network 10.1.1.0 / 24 -> Gateway 10.1.4.13 -> Didnt work tested with ping and VPN no response. Then did
                    Add -> Destination Network 10.1.1.0 / 24 -> Gateway 10.1.4.1 -> Got a response through ping but seems to be redirecting and I cannot see the machines in VPN

                    PING 10.1.1.1 (10.1.1.1) from 10.1.4.1: 56 data bytes
                    92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1)
                    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
                    4 5 00 0054 1747 0 0000 3f 01 0100 10.1.4.1 10.1.1.1

                    92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1)
                    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
                    4 5 00 0054 1747 0 0000 3e 01 0200 10.1.4.1 10.1.1.1

                    92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1)
                    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
                    4 5 00 0054 1747 0 0000 3d 01 0300 10.1.4.1 10.1.1.1

                    92 bytes from 10.1.4.1: Redirect Host(New addr: 10.1.4.1)
                    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
                    4 5 00 0054 1747 0 0000 3c 01 0400 10.1.4.1 10.1.1.1

                    FYI just wanted to test the default network since i cant even access the DreamMachine

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.