FIREWALL RULES FOR TRAFFIC BETWEEN INTERFACES

podilarius

not really, but you can get to the machine on the default LAN, so why do you need to access it on opt2? You usually split networks with potentially a NIC in both subnets, usually to manage on both subnets.

Summer

The default LAN of the Win7 PC is different from the one of pfsense, that is the problem, i've got
NIC 1 : default LAN DIFFERENT from the LAN of Pfsense
NIC 2:  address on OPT2 network,

I've added a route to the LAN of Pfesense
IP ADDRESS      MASK                  GATEWAY      INTERFACE        METRIC
192.168.10.0    255.255.255.0    192.168.2.3  192.168.2.133    2000  >>> to reach LAN of pfsense
0.0.0.0    255.255.255.0    x.x.x.x  x.x.x.133    4000  >>> default LAN

If I tracert google from the win7 it pass trough  the x.x.x.x133, if tracert an address 192.168.10.x it doesn't call  the default  but goes directly to the address.
But if I ping the win7 pc from behind the LaN I can't reach it.

Metu69salemi

Weird mask you have on your default Wan connection. I have 0.0.0.0
And i think that no harm is made if you reduce your metric value of that on-site subnet

Summer

sorry I didn't copy and pasted, a writing error the correct one is

IP ADDRESS      MASK                  GATEWAY      INTERFACE        METRIC
192.168.10.0    255.255.255.0    192.168.2.3  192.168.2.133    2000  >>> to reach LAN of pfsense
0.0.0.0    0.0.0.0    x.x.x.x  x.x.x.133    4000  >>> default LAN

if I ping from ssh from  firewall I can get reply, if I do from LAN behind firewall  no.
The problem is that the others hosts, not with Win7 can be accessed from LAN behind firewall with the current rules.

podilarius

What is the status of the Windows firewall in the Win7 machine? usually Win 7 firewall will not accept connections from a subnet that is not represented by a NIC. Also check your RDP settings also to make sure you can connect from anywhere.