Trouble isolating two subnets

  • I have seen others users with different flavors of this problem in other threads, but i haven't found a solution yet.

    I have a 3 nic pfsense setup, WAN , LAN, LAN2, and I'm trying to set it up so LAN can access WAN + LAN2 and LAN2 can only access WAN.

    LAN is, LAN2 is

    On LAN i have the default rule:
    1: Pass:  LAN –> *

    On LAN2 i have: 
    1: Block: LAN2 --> LAN  (this one seems redundant)
    2: Pass: LAN2 --> !LAN

    Internet is working flawlessly on both subnets. I can ping and access hosts on LAN2 from LAN. I can't ping hosts from LAN2 and can't access any shares, ssh, etc. But it seems like i can access all web interfaces (like printer, web server, pfsense-webgui, wireless access points, switches, etc) on LAN from LAN2. I have tried some different rules, but i can't seem to fix this.

    Any hints?

    thanking in advance.

  • LAN2 rule 1 is redundant.

    Are those services available from the WAN? Maybe loopback is to blame.

  • The web server is on LAN and is available from WAN.

    To me it seems like pfsense doesn't block traffic on port 80 from LAN2 to LAN. I tried setting up another web server on LAN with some obscure port number and it too was not accessible from LAN2.

    Just don't get this:/

  • Can you clarify what the rules are actually, literally saying?  If you are trying to block subnets, LAN and LAN2 should have the last octet as 0, not 1 (although I think the subnet mask will keep that from being an issue.)

  • post pictures or links to pictures of your rules page, this way we can see exactly what your rules look like.