LAN can only access some of the nets available to pfsense



  • Hello,

    If this is the wrong subforum for my question I apologize.

    The attachment to this post is a simple diagram of how our pfsense is set up.

    From the LAN side I can only access WAN and one of the VLANs (vlan1, 192.168.10.0/24). If I log in to pfsense via ssh I can ping hosts on all the nets (192.168.1x.x).

    Firewall rules are identical on all interfaces. Any ideas appricieated.

    pfsense version:
    1.2.3-RELEASE
    built on Mon Dec 7 23:21:58 EST 2009




  • Don't use vlan1 since this is the default VLAN.
    Or are you talking about the name of the interface on the pfSense?

    How exactly do your firewall rules look? (screenshot)



  • Thank you for replying,

    I do not actually use vlan1, I just made it up for the post, the actual ID is different. Attached is the screenshot you requested.

    "BackupVlanGul" is the one I can access from LAN, the other ones only from the pfsense box.



  • Rebel Alliance Developer Netgate

    Often, cases like this turn out to be an issue with client system subnet masks and gateways. Can you confirm that the client PCs have proper settings on their network cards?

    And can you do a packet capture or tcpdump on LAN and the VLAN interfaces to see if the traffic actually tries to pass through?

    If it were being blocked by pfSense, there would be an entry in the firewall log. Do you see such an entry?



  • I assume the alias "robustus" contains all your local subnets?
    When you assigned the VLANs.
    Do you have only VLANs on the parent interface.
    –> The parent interface not assigned directly?

    If you assign the parent interface directly you may run into problems like described.



  • Thank you all for your help.

    I solved it by turning off automatic outbound nat and manually setting rules for each of the vlan interfaces.


Log in to reply