Netgate Discussion Forum

    Routing issue?

    Problems Installing or Upgrading pfSense Software
      brianmahler10

      What am I missing?

      • I can ping from a PC on the 172.16.1.x network to anywhere on the internet. GREAT, works as it is supposed to.
      • But a PC on the 192.168.1.x network cannot ping beyond the public IP address of the pfSense firewall. It can ping the WAN interface of the firewall and everything this side of it.

      I have checked the pfSense static route pointing to the networks on the other side of the router. Looks good. Can include a screenshot upon request. 192.168.1.0/24 is accessible through GW 172.16.1.2

      I am pinging by IP address so that DNS is removed from the equation.

      Here is a basic diagram (sort of :) ). Public IP addresses are fictitious.

      PC                >    Router            >  pfsense FW          >  isp gateway    >  internet
      192.168.1.51      192.168.1.1
                                      172.16.1.2  >  172.168.1.1 
                                                                    67.42.24.5  >  67.41.239.100  >  4.2.2.2

      I can include my pfSense config if that helps.

      Also, I can see (using Wireshark) outbound TCP traffic hitting the inside interface of the pfSense firewall but no response from the outside world, and thus a timeout. This confirms that the default route on the router is configured correctly.

      The default firewall rule "any traffic on the LAN is permitted anywhere" is still active.

      Any help is appreciated.

      Brian

        wallabybob

        @brianmahler10:

        The default firewall rule "any traffic on the LAN is permitted anywhere" is still active.

        It is my recollection that the default firewall rule on the LAN interface is "allow any traffic from the LAN net" or (to put it more precisely) "allow any traffic from an IP address on the IP subnet of the LAN interface". Traffic from 192.168.1.x is not from your LAN subnet (unless there is something you haven't told us.)

        You can see the pfSense firewall log at Status -> System Logs, click on Firewall tab.

        After you tweak firewall rules it is often necessary to reset firewall states (see Diagnostics -> States and click on Reset States tab). I have often forgotten that one.

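The rule-matching behaviour described in the reply above, as an added example that is not part of the original thread or of pfSense itself. It assumes the LAN interface subnet is 172.16.1.0/24 (the thread only says "172.16.1.x"), and the rule tuples and the added pass rule are hypothetical stand-ins for GUI rules.

```python
import ipaddress

# Constructed model of the LAN-interface rule set discussed in the thread.
# pfSense evaluates an interface's rules top-down and the first match wins;
# traffic that matches no rule is dropped by the implicit default deny.
LAN_NET = ipaddress.ip_network("172.16.1.0/24")      # assumed LAN interface subnet
ROUTED_NET = ipaddress.ip_network("192.168.1.0/24")  # behind the router at 172.16.1.2

# Each rule: (action, source network, description). Destination is "any".
DEFAULT_RULES = [("pass", LAN_NET, "default rule: source = LAN net")]
FIXED_RULES = DEFAULT_RULES + [
    ("pass", ROUTED_NET, "hypothetical added rule: source = routed subnet"),
]


def evaluate(rules, src):
    """Return (action, description) for a packet entering LAN from src."""
    addr = ipaddress.ip_address(src)
    for action, source_net, descr in rules:
        if addr in source_net:
            return action, descr
    return "block", "implicit default deny"


def uncovered_routes(rules, routed_nets):
    """Return routed subnets that no pass rule on the interface fully covers.

    Any subnet reachable through a static route but missing here will be
    able to reach the firewall yet be dropped on its way out.
    """
    return [
        net for net in routed_nets
        if not any(a == "pass" and net.subnet_of(s) for a, s, _ in rules)
    ]


if __name__ == "__main__":
    for label, rules in (("default", DEFAULT_RULES), ("fixed", FIXED_RULES)):
        for src in ("172.16.1.10", "192.168.1.51"):  # constructed sample hosts
            print(label, src, evaluate(rules, src))
        print(label, "uncovered:", uncovered_routes(rules, [ROUTED_NET]))
```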
          podilarius

          Also, you will need to check outbound NAT. If you switched over to manual, then you will need to add a rule for the different subnet. I am not sure about automatic outbound NAT and different subnets.

            Metu69salemi

            @podilarius:

            Also, you will need to check outbound NAT. If you switched over to manual, then you will need to add a rule for the different subnet. I am not sure about automatic outbound NAT and different subnets.

            Automatic mode can take care of internal LANs.

              brianmahler10

              RESET STATES…Fixed it.
              Thank you.

              I had tried the rules for the 192.168.1.x networks before but to no avail... but that was because I never "reset Firewall states". Once I did that it was all working.

              Thanks again.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.