OPT1 and LAN communications issues
-
All, I have searched these forums for a definitive answer to this problem; all I see is suggestions but no definitive answers, so I'll give it a try.
My network consists of
WAN->static internet
LAN-192.168.0.0/24
OPT1-10.5.5.0/24
I CAN NOT communicate between hosts on either network, just the network interfaces on the pfSense router
I get internet on LAN and OPT1 hosts just fine
Client on LAN 192.168.0.200/24
GW 192.169.0.1
DNS:8.8.8.8
Client on the OPT1 10.5.5.15
GW-10.5.5.1
DNS 8.8.8.8
I can ping 10.5.5.1 from LAN client 192.168.0.200 (10.5.5.1 is OPT1 NIC)
I can ping 192.168.0.1 from OPT client 10.5.5.15 (192.168.0.1 is LAN NIC)
What I CANNOT DO IS:
PING from 10.5.5.15 to 192.168.0.200 or the other way around. The packets get dropped at the pfSense box despite my FW rules
BLOCK private/bogon networks is unchecked on OPT1
My firewall rules are:
On OPT1
* OPT1 net * * * * none OPT1-> any
* OPT1 net * LAN net * * none OPT1 to LAN
On LAN
* LAN net * * * * none Default allow LAN to any rule
* LAN net * OPT1 net * * none Lan to OPT1
See my NAT rules below; I don't think they are relevant as my internet works on both OPT and LAN
WAN 192.168.0.0/24 * * 500 * * YES Auto created rule for ISAKMP - LAN to WAN
WAN 192.168.0.0/24 * * * * * NO Auto created rule for LAN to WAN
WAN 10.5.5.0/24 * * 500 * * YES Auto created rule for ISAKMP - OPT1 to WAN
WAN 10.5.5.0/24 * * * * * NO Auto created rule for OPT1 to WAN
My version is
2.0-BETA4 (i386)
built on Wed Oct 20 05:22:55 EDT 2010
FreeBSD 8.1-RELEASE-p1
Please help - I desperately need to get this thing working!!!!!!!!!!!!!
-
Did you reset firewall states after modifying the rules? (See Diagnostics -> States, click on the Reset States tab).
-
I did as you suggested but the situation remains the same: no OPT1 LAN communication. I'm yet to see a successful implementation of this somewhat simple setup for pfSense. Most suggest bridging; however, I don't want to do this as I don't have control over the network addresses, i.e. (10.5.5.0 or 192.1680.0). Is this at all possible with pfSense?
HELP!!!
-
@Kc:
I'm yet to see a successful implementation of this somewhat simple setup for pfSense.
My 'production' pfSense has a server on OPT1 and a number of PCs on LAN. I have no trouble accessing the server on OPT1 from LAN PCs and the server has no trouble regularly backing up one of the LAN PCs.
However, this pfSense runs pfSense 1.2.3. You (for some reason) are running a now fairly old snapshot build of pfSense 2.0. These snapshot builds can have a variety of bugs in them (including broken kernels that required a reinstall to fix). Read the 2.0 BETA forum for a sample. I suspect it is now unlikely that anyone would remember if your particular snapshot build had a bug that could explain what you report.
If you want a stable platform you should be using pfSense 1.2.3. But there might be a good reason you can't (for example, hardware not supported in 1.2.3). If you want to use snapshot builds you should be prepared to update regularly if some functionality you need doesn't work.
My suggestions:
Use pfSense 1.2.3. If you can't, then reboot; if you still can't communicate between OPT1 and LAN then upgrade your firmware to the latest and try again. If it still doesn't work then discuss in the 2.0 BETA forum.
If you are desperate to get your configuration working you should probably be using pfSense 1.2.3 which has a much larger user base than any of the 2.0 snapshot builds.
-
Oh, and if you decide to go to pfSense 1.2.3 then you probably can't use your 2.0 snapshot build configuration file. If I recall correctly there is a sticky note about configuration files and downgrades in the 2.0 BETA forum.
-
wallabybob, I'll give 1.2.3 a go and tell u how it goes.
tnx