OPT1 and LAN communications isseus

Kc

All I have searched these forum for a definative answer to this problem all I see is sujjestions but no definative answers: so Ill give it a try.

My Network consist of
WAN->static internet
LAN-192.168.0.0/24
OPT1-10.5.5.0/24

I CAN NOT communicate between host on either networks just the network interfaces on the pfsense router

I get internet on Lan1 and OPT1 hosts just fine

–--client on LAN 192.168.0.200/24-----
GW 192.169.0.1
DNS:8.8.8.8

Client on the OPT1 10.5.5.15
GW-10.5.5.1
DNS 8.8.8.8

I can ping 10.5.5.1 from LAN client 192.168.0.200 (10.5.5.1 is OPT1 NIC)
I can ping 192.168.0.1 from OPT client 10.5.5.15 (192.168.0.1 isw LAN NIC)

What I CANNOT DO IS:
PING from 10.5.5.15 to 192.168.0.200 or the other way around. The packets get dropped at the Pfsense box despite my FW rules

BLOCK private/bogon networks is unchecked on OPT1

My firewall rules are:
On OPT1
    *  OPT1 net  *  *  *  *  none    OPT1-> any   
    *  OPT1 net  *  LAN net  *  *  none    OPT1 to LAN

ON LAN
    *  LAN net  *  *  *  *  none    Default allow LAN to any rule   
    *  LAN net  *  OPT1 net  *  *  none    Lan to OPT1

See my rules on my nat below i dont think they are relevant as my internet works on both OPT and LAN
WAN    192.168.0.0/24  *  *  500  *  *  YES Auto created rule for ISAKMP - LAN to WAN   
WAN    192.168.0.0/24  *  *  *  *  *  NO Auto created rule for LAN to WAN   
WAN    10.5.5.0/24  *  *  500  *  *  YES Auto created rule for ISAKMP - OPT1 to WAN   
WAN    10.5.5.0/24  *  *  *  *  *  NO Auto created rule for OPT1 to WAN

My Version is
2.0-BETA4 (i386)
built on Wed Oct 20 05:22:55 EDT 2010
FreeBSD 8.1-RELEASE-p1

Please help - I need desperate to get this thing working!!!!!!!!!!!!!
!

wallabybob

Did you reset firewall states after modifying the rules? (See Diagnostics -> States, click on the Reset States tab).

Kc

I did as you suggested but the situation remains the same: no OPT1 LAN communication. Im yet to see a sucessfull implematation of this somwhat simple setup for pfsense. Most suggest bridging, however i dont want to do this as i dont have control over the network addresses ie (10.5.5.0 or 192.1680.0). Is this at all possible with pfsense?

HELP!!!

wallabybob

@Kc:

Im yet to see a sucessfull implematation of this somwhat simple setup for pfsense.

My 'production' pfSense has a server on OPT1 and a number of PCs on LAN. I have no trouble accessing the server on OPT1 from LAN PCs and the server has no trouble regularly backing up one of the LAN PCs.

However this pfSense runs pfSense 1.2.3. You (for some reason) are running a now fairly old snapshot build of pfSense 2.0. These snapshot builds can have a variety of bugs in them (including broken kernels that required a reinstall to fix). Read the 2.0 BETA forum for a sample. I suspect it is now unlikely than anyone would remember if your particular snapshot build had a bug that could explain what you report.

If you want a stable platform you should be using pfSense 1.2.3.  But there might be a good reason you can't (for example, hardware not supported in 1.2.3). If you want to use snapshot builds you should be prepared to update regularly if some functionality you need doesn't work.

My suggestions:
Use pfSense 1.2.3. If you can't, then reboot; if you still can't communicate between OPT1 and LAN then upgrade your firmware to the latest and try again. If it still doesn't work then discuss in the 2.0 BETA forum.

If you are desperate to get your configuration working you should probably be using pfSense 1.2.3 which has a much larger user base than any of the 2.0 snapshot builds.

wallabybob

Oh, and if you decide to go to pfSense 1.2.3 then you probably can't use your 2.0 snapshot build configuration file. If I recall correctly there is a sticky note about configuration files and downgrades in the 2.0 BETA forum.

Kc

wallabybob, Ill give 1.2.3 a go and tell u how it goes.

tnx