Trouble isolating two subnets
-
I have seen other users with different flavors of this problem in other threads, but I haven't found a solution yet.
I have a 3-NIC pfSense setup (WAN, LAN, LAN2), and I'm trying to set it up so LAN can access WAN + LAN2 and LAN2 can only access WAN.
LAN is 10.0.0.1/24, LAN2 is 10.0.1.1/24.
On LAN I have the default rule:
1: Pass: LAN --> *
On LAN2 I have:
1: Block: LAN2 --> LAN (this one seems redundant)
2: Pass: LAN2 --> !LAN
Internet is working flawlessly on both subnets. I can ping and access hosts on LAN2 from LAN. I can't ping hosts from LAN2 and can't access any shares, SSH, etc. But it seems like I can access all web interfaces (like printer, web server, pfSense web GUI, wireless access points, switches, etc.) on LAN from LAN2. I have tried some different rules, but I can't seem to fix this.
Any hints?
Thanking in advance.
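As an added illustration (not from the original post or from pfSense), the script below models the LAN2 rule set above as a first-match list over the two /24 networks, with the implicit default deny that pfSense applies to anything no rule passes; it shows that the block rule and the "!LAN" pass rule both stop LAN2 -> LAN traffic, so rule 1 adds nothing. It only evaluates the rules as written; it does not model states, NAT reflection, or any other rules on the box, so it cannot explain why port 80 got through in the real setup.

```python
from ipaddress import ip_address, ip_network

# Networks as given in the post; strict=False normalises the host form
# 10.0.0.1/24 to the subnet 10.0.0.0/24, as the firewall would.
LAN = ip_network("10.0.0.1/24", strict=False)    # 10.0.0.0/24
LAN2 = ip_network("10.0.1.1/24", strict=False)   # 10.0.1.0/24
ANY = ip_network("0.0.0.0/0")                     # the "*" wildcard

def match(spec, addr):
    """spec is (network, negated); negated=True models pfSense's '!'."""
    net, negated = spec
    hit = ip_address(addr) in net
    return (not hit) if negated else hit

# Rules as transcribed from the post: (action, source, destination).
LAN2_RULES = [
    ("block", (LAN2, False), (LAN, False)),   # 1: Block LAN2 --> LAN
    ("pass",  (LAN2, False), (LAN, True)),    # 2: Pass  LAN2 --> !LAN
]

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls to the implicit deny."""
    for action, s, d in rules:
        if match(s, src) and match(d, dst):
            return action
    return "block"  # pfSense default deny

if __name__ == "__main__":
    # Constructed sample flows: LAN2 host to a LAN host and to the Internet.
    for dst in ("10.0.0.5", "8.8.8.8"):
        print(f"10.0.1.20 -> {dst}: {evaluate(LAN2_RULES, '10.0.1.20', dst)}")
    # Same flows with rule 1 removed: the outcome does not change.
    print(evaluate(LAN2_RULES[1:], "10.0.1.20", "10.0.0.5"))
```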
-
LAN2 rule 1 is redundant.
Are those services available from the WAN? Maybe loopback is to blame.
-
The web server is on LAN and is available from WAN.
To me it seems like pfSense doesn't block traffic on port 80 from LAN2 to LAN. I tried setting up another web server on LAN with some obscure port number, and it too was not accessible from LAN2.
Just don't get this :/
-
Can you clarify what the rules are actually, literally saying? If you are trying to block subnets, LAN and LAN2 should have the last octet as 0, not 1 (although I think the subnet mask will keep that from being an issue.)
-
Post pictures or links to pictures of your rules page; this way we can see exactly what your rules look like.
-
Problem solved: http://forum.pfsense.org/index.php/topic,14607.msg77308.html