Netgate Discussion Forum

    LAN can only access some of the nets available to pfsense

      richifejs

      Hello,

      If this is the wrong subforum for my question I apologize.

      The attachment to this post is a simple diagram of how our pfsense is set up.

      From the LAN side I can only access WAN and one of the VLANs (vlan1, 192.168.10.0/24). If I log in to pfsense via ssh I can ping hosts on all the nets (192.168.1x.x).

      Firewall rules are identical on all interfaces. Any ideas appreciated.

      pfsense version:
      1.2.3-RELEASE
      built on Mon Dec 7 23:21:58 EST 2009

      pfsense.JPG

        GruensFroeschli

        Don't use vlan1 since this is the default VLAN.
        Or are you talking about the name of the interface on the pfSense?

        How exactly do your firewall rules look? (screenshot)

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          richifejs

          Thank you for replying,

          I do not actually use vlan1, I just made it up for the post, the actual ID is different. Attached is the screenshot you requested.

          "BackupVlanGul" is the one I can access from LAN, the other ones only from the pfsense box.

          screen.JPG

            jimp Rebel Alliance Developer Netgate

            Often, cases like this turn out to be an issue with client system subnet masks and gateways. Can you confirm that the client PCs have proper settings on their network cards?

            And can you do a packet capture or tcpdump on LAN and the VLAN interfaces to see if the traffic actually tries to pass through?

            If it were being blocked by pfSense, there would be an entry in the firewall log. Do you see such an entry?


              GruensFroeschli

              I assume the alias "robustus" contains all your local subnets?
              When you assigned the VLANs:
              Do you have only VLANs on the parent interface?
              -> The parent interface not assigned directly?

              If you assign the parent interface directly, you may run into problems like the one described.


                richifejs

                Thank you all for your help.

                I solved it by turning off automatic outbound NAT and manually setting rules for each of the VLAN interfaces.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.