Trouble isolating two subnets
I have seen others users with different flavors of this problem in other threads, but i haven't found a solution yet.
I have a 3 nic pfsense setup, WAN , LAN, LAN2, and I'm trying to set it up so LAN can access WAN + LAN2 and LAN2 can only access WAN.
LAN is 10.0.0.1/24, LAN2 is 10.0.1.1./24
On LAN i have the default rule:
1: Pass: LAN –> *
On LAN2 i have:
1: Block: LAN2 --> LAN (this one seems redundant)
2: Pass: LAN2 --> !LAN
Internet is working flawlessly on both subnets. I can ping and access hosts on LAN2 from LAN. I can't ping hosts from LAN2 and can't access any shares, ssh, etc. But it seems like i can access all web interfaces (like printer, web server, pfsense-webgui, wireless access points, switches, etc) on LAN from LAN2. I have tried some different rules, but i can't seem to fix this.
thanking in advance.
clarknova last edited by
LAN2 rule 1 is redundant.
Are those services available from the WAN? Maybe loopback is to blame.
The web server is on LAN and is available from WAN.
To me it seems like pfsense doesn't block traffic on port 80 from LAN2 to LAN. I tried setting up another web server on LAN with some obscure port number and it too was not accessible from LAN2.
Just don't get this:/
danswartz last edited by
Can you clarify what the rules are actually, literally saying? If you are trying to block subnets, LAN and LAN2 should have the last octet as 0, not 1 (although I think the subnet mask will keep that from being an issue.)
XIII last edited by
post pictures or links to pictures of your rules page, this way we can see exactly what your rules look like.
Problem solved: http://forum.pfsense.org/index.php/topic,14607.msg77308.html