Netgate Discussion Forum

Trouble isolating two subnets

  • N
    nihility
    last edited by Jan 12, 2011, 6:16 PM

    I have seen other users with different flavors of this problem in other threads, but I haven't found a solution yet.

    I have a 3-NIC pfSense setup (WAN, LAN, LAN2), and I'm trying to set it up so LAN can access WAN + LAN2 and LAN2 can only access WAN.

    LAN is 10.0.0.1/24, LAN2 is 10.0.1.1/24

    On LAN I have the default rule:
    1: Pass:  LAN --> *

    On LAN2 I have:
    1: Block: LAN2 --> LAN  (this one seems redundant)
    2: Pass: LAN2 --> !LAN

    Internet is working flawlessly on both subnets. I can ping and access hosts on LAN2 from LAN. I can't ping hosts from LAN2 and can't access any shares, ssh, etc. But it seems like I can access all web interfaces (like printer, web server, pfsense-webgui, wireless access points, switches, etc.) on LAN from LAN2. I have tried some different rules, but I can't seem to fix this.

    Any hints?

    Thanks in advance.

    • C
      clarknova
      last edited by Jan 12, 2011, 7:01 PM

      LAN2 rule 1 is redundant.

      Are those services available from the WAN? Maybe loopback is to blame.

      db

      • N
        nihility
        last edited by Jan 12, 2011, 7:32 PM

        The web server is on LAN and is available from WAN.

        To me it seems like pfSense doesn't block traffic on port 80 from LAN2 to LAN. I tried setting up another web server on LAN with some obscure port number and it too was not accessible from LAN2.

        Just don't get this :/

        • D
          danswartz
          last edited by Jan 13, 2011, 2:29 AM

          Can you clarify what the rules are actually, literally saying?  If you are trying to block subnets, LAN and LAN2 should have the last octet as 0, not 1 (although I think the subnet mask will keep that from being an issue.)

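An added example, not written by any poster in this thread: a minimal Python model of the LAN2 ruleset from the first post, assuming pfSense's first-match evaluation with an implicit default deny. It checks the two points raised in the replies above (that LAN2 rule 1 is redundant, and that 10.0.0.1/24 names the same subnet as 10.0.0.0/24); the client and probe addresses are constructed, and NAT reflection is not modeled.

```python
import ipaddress

# Addresses as written in the thread. Host bits are set, so strict=False
# lets the mask reduce them to the network address.
LAN = ipaddress.ip_network("10.0.0.1/24", strict=False)
LAN2 = ipaddress.ip_network("10.0.1.1/24", strict=False)

# (action, source net, destination net, negate destination)
LAN2_RULES = [
    ("block", LAN2, LAN, False),  # rule 1: Block LAN2 --> LAN
    ("pass", LAN2, LAN, True),    # rule 2: Pass  LAN2 --> !LAN
]


def evaluate(rules, src, dst):
    """First matching rule decides; no match falls through to default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, negate in rules:
        if src in src_net and (dst in dst_net) != negate:
            return action
    return "block"


def redundant_rules(rules, src, probes):
    """1-based numbers of rules whose removal changes no probe decision."""
    baseline = [evaluate(rules, src, d) for d in probes]
    found = []
    for i in range(len(rules)):
        trimmed = rules[:i] + rules[i + 1:]
        if [evaluate(trimmed, src, d) for d in probes] == baseline:
            found.append(i + 1)
    return found


# Constructed probes: a LAN host, the LAN2 interface address, an Internet host.
PROBES = ["10.0.0.50", "10.0.1.1", "198.51.100.7"]
SRC = "10.0.1.20"  # constructed LAN2 client

if __name__ == "__main__":
    for d in PROBES:
        print(f"{SRC} -> {d}: {evaluate(LAN2_RULES, SRC, d)}")
    print("redundant rules:", redundant_rules(LAN2_RULES, SRC, PROBES))
```

In this model the firewall's own LAN2 address (10.0.1.1) is outside the LAN net, so it matches the `!LAN` pass rule like any Internet destination.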
          • X
            XIII
            last edited by Jan 13, 2011, 7:20 AM

            Post pictures or links to pictures of your rules page; this way we can see exactly what your rules look like.

            -Chris Stutzman
            Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
            Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
            • N
              nihility
              last edited by Jan 14, 2011, 1:42 AM

              Problem solved: http://forum.pfsense.org/index.php/topic,14607.msg77308.html
