Proxy and land subnets
-
Hi, first greetings for your work.
I have a pfsense firewall, Dual Wan + Load Balancer + Packages(Squid+Spamd)
The lan segment have another network segments with a gateway on lan.
Example:
PfSense Lan IP: 192.168.0.13
Lan Router Gateway: 192.168.0.21
This gateway allow access to : 192.168.10.0/24 to 192.168.16.0/24 networksI add the routes on pfsense and i can ping any host on that neworks from pfsense, but if i try a ping from a host on that network to the pfsense 192.168.0.13 lan ip, i dont get a response.
We want allow proxy internet access to that networks not direct access.
Sorry for my bad english.
Thanks in advance.
-
Try to tick the following box at system>advanced:
Bypass firewall rules for traffic on the same interface
This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where multiple subnets are connected to the same interface.
-
Lan Router Gateway: 192.168.0.21
This gateway allow access to : 192.168.10.0/24 to 192.168.16.0/24 networksi miss 1 thing in this list
dit you make a route to the pfsense server on the lan gateway so that that trafic can go to the 192.168.0.0/24 network ?and dit you make on pfsense a rule to allow imcp (ping,echo enz) from the lan
-
I make a static route for the lan subnets 192.168.10.0/24 to 192.168.16.0/24 and as i say, can ping from pfsense to remote network host.
I make your change hoba and nothing changes. I have many entries on system log as this
"kernel: arpresolve: can't allocate route for 192.168.1.21"
"kernel: arplookup 192.168.1.21 failed: host is not on local network"
I add a entry on firewall rules->lan to allow all traffic from any to pfsense firewall ip with loggin and nothing logs in firewall log for remote subnet traffic.
I can ping from a host on remote networks to another host in lan net but not to the firewall lan ip ???
-
Looks like you have a typo somewhere and use 192.168.1.21 as gateway instead of 192.168.0.21. With these log entries it's quite obvious.
-
routes are ok hoba, i can ping from pfsense to remote subnet hots via subnet gateway.
I make a static route for the lan subnets 192.168.10.0/24 to 192.168.16.0/24 and as i say, can ping from pfsense to remote network host.
I make your change hoba and nothing changes. I have many entries on system log as this
"kernel: arpresolve: can't allocate route for 192.168.1.21"
"kernel: arplookup 192.168.1.21 failed: host is not on local network"
I add a entry on firewall rules->lan to allow all traffic from any to pfsense firewall ip with loggin and nothing logs in firewall log for remote subnet traffic.
I can ping from a host on remote networks to another host in lan net but not to the firewall lan ip ???
sorry i type 1.21 and is 0.21 , typing mistake.
-
i think find the problem, i see on diagnostic->routes an ipv4 destination 192.168.0.21 with gateway on a remote subnet but in system->static routes i dont see any mistake.
How can i delete that static route?
-
Not sure how that ends up there. Everything is generated on bootup/change form the config.xml. Did you try to reboot? What version are you on?
-
fixed, thanks hoba, the main windows technical solution works "reboot", i think the problem was a mistake making static routes for the lan subnets.
-
Good to hear :D