Easy multiple subnet/multiple lan question



  • Ok, I have two lan interfaces; the DHCP server is enabled on both of them

    lan: 192.168.1.1/24
    opt1 129.168.2.1/24

    Works great. At first nothing on the opt1 subnet could access out, then I remembered that pfSense disables traffic in the rules by default, and added a rule to allow anything source opt1 net, exactly as the default lan rule is. I plan to be more restrictive with this once I get everything working.

    So after adding the rule everything seems to work fine, however I can no longer access from lan net to opt1 net or the other way around, so both can access the internet, the internet can access either of them (as per NAT rules)… but they cannot communicate between each other.

    This is important for me to do because I have my servers on one subnet, and my personal computers on another. I plan to be much more restrictive with access to the net with my servers on it, but I still need to be able to SSH into the opt1 net (with servers on it) from the lan net.

    Is there something that I'm missing or don't know?

    thanks
    kyle



  • @kage:

    I can no longer access from lan net to opt1 net or the other way around, so both can access the internet, the internet can access either of them (as per NAT rules)… but they cannot communicate between each other.

    It would help if you gave more details about "can not access from lan net to opt1 net". What access are you trying? (ping? traceroute? ftp? web access? etc) What error report do you get on the access attempt? Does specifying the access target by IP address give a different result from specifying the target by name?

    Does the firewall log show anything relevant?



  • Hello,

    I'm having the exact same issue with an Alix 2D13 board (3 LAN).

    LAN  : 192.168.1.254/24
    LAN2  : 192.168.2.254/24
    WAN : DHCP on my ISP

    PCs on both LANs are able to access the Internet, web, e-mail etc. (per permissive rule set both on LAN and LAN2).

    But no communication between LANs. No logs to indicate the error/blocking rule.

    I tried to perform a Packet Capture but failed (looks like the .php is not executable).

    Any help appreciated.



  • My previously asked questions in this thread are just as relevant to your configuration.

