Default behavior for OPT1 Interface



  • I have read through the pfsense book and searched through the forums, but I believe I am missing something. I have a pfsense firewall with several subnets. The default LAN subnet works fine, but the subnet we created for a LAB network is unable to ping the pfsense interface or route traffic to the internet. I would assume that when you create an interface and give it an IP address and subnet mask, pfsense would listen on the IP address given and use this as the gateway to route traffic between the other subnets and the internet. However, pfsense is not reachable on the interface at all. Is this the correct behavior?

    Setup

    Cable Provider (bge0)
              |
    ------------------------
    |                      |
    LAN Subnet (em2)       LAB Subnet (em0)
    IP: 192.168.0.1        IP: 172.31.0.1
    NM: 255.255.255.0      NM: 255.255.255.0



  • Check your firewall rules to make certain traffic is being passed between your OPT1 LAN and the WAN interface... use the LAN interface as a guide.



  • Thanks, it's like the pings and traffic don't even get to the interface; nothing in the firewall logs shows that the traffic is blocked. Below are the active rules running from the web interface.

    Rules for LAB Net
    Proto  Source     Port  Destination  Port  Gateway  Schedule  Description
    *      LAB net    *     *            *     *                  Default LAB -> Any (Allow All Traffic Outbound)

    Rules for LAN Net
    Proto  Source     Port  Destination  Port  Gateway  Schedule  Description
    *      LAN net    *     *            *     *                  Default LAN -> Any (Allow All Traffic Outbound)

    Rules for WAN Net
    Proto  Source     Port  Destination  Port  Gateway  Schedule  Description
    *      10.7.64.1  *     *            *     *                  Block and Do Not Log Traffic From 10.7.64.1


  • Use the packet capture facility to confirm or disprove this. If your packet traffic isn't getting to the firewall, then the firewall isn't the problem. If the packet traffic is getting to the firewall, check to see where it's going (run packet captures on all interfaces and see where the pings are going).
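
One way to carry out the per-interface capture comparison suggested in the last reply, as an added example that is not part of the thread. It reads the text output of `tcpdump -n` taken on the LAB (em0) and WAN (bge0) interfaces and reports where the ping stops; the LAB host 172.31.0.50, the target 203.0.113.9, the file names and the function names are assumptions, and the capture lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): locate where a ping from the LAB subnet
# stops, using text output of "tcpdump -n" taken on each pfSense interface, e.g.
#   tcpdump -n -i em0  -c 20 icmp > lab.txt    # LAB side
#   tcpdump -n -i bge0 -c 20 icmp > wan.txt    # WAN side

# count_echo FILE KIND TARGET: count echo requests to / replies from TARGET.
# Matching on TARGET only keeps the count valid after outbound NAT on the WAN.
count_echo() {
    awk -v kind="$2" -v t="$3" '
        kind == "request" && index($0, "> " t ": ICMP echo request") { n++ }
        kind == "reply"   && index($0, " " t " > ") && /ICMP echo reply/ { n++ }
        END { print n + 0 }' "$1"
}

# where_lost LAB_CAPTURE WAN_CAPTURE TARGET: print a one-word verdict.
where_lost() {
    lab_req=$(count_echo "$1" request "$3"); lab_rep=$(count_echo "$1" reply "$3")
    wan_req=$(count_echo "$2" request "$3"); wan_rep=$(count_echo "$2" reply "$3")
    if   [ "$lab_req" -eq 0 ]; then echo never-reached-firewall
    elif [ "$lab_rep" -gt 0 ]; then echo ok
    elif [ "$wan_req" -eq 0 ]; then echo stopped-inside-firewall
    elif [ "$wan_rep" -eq 0 ]; then echo no-reply-from-upstream
    else echo reply-lost-on-return
    fi
}

# Constructed sample captures: LAB host 172.31.0.50 pings 203.0.113.9; the
# request is seen on em0 but never appears on bge0.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/lab.txt" <<'EOF'
12:00:01.000100 IP 172.31.0.50 > 203.0.113.9: ICMP echo request, id 7, seq 1, length 64
12:00:02.000200 IP 172.31.0.50 > 203.0.113.9: ICMP echo request, id 7, seq 2, length 64
EOF
    : > "$dir/wan.txt"     # nothing captured on the WAN side
    : > "$dir/empty.txt"   # stands for a LAB capture that saw no pings at all
    echo "$dir"
}

samples=$(make_samples)
where_lost "$samples/lab.txt" "$samples/wan.txt" 203.0.113.9
```

A verdict of `never-reached-firewall` points away from the firewall rules and toward cabling, switch or VLAN configuration, or the client's own address and gateway settings; `stopped-inside-firewall` points at rules, routing or NAT on the firewall itself.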

