FIREWALL RULES FOR TRAFFIC BETWEEN INTERFACES
-
Not really, but you can get to the machine on the default LAN, so why do you need to access it on OPT2? You usually split networks with potentially a NIC in both subnets, usually to manage on both subnets.
-
The default LAN of the Win7 PC is different from the one of pfSense, that is the problem. I've got
NIC 1: default LAN DIFFERENT from the LAN of pfSense
NIC 2: address on OPT2 network; I've added a route to the LAN of pfSense
IP ADDRESS      MASK            GATEWAY       INTERFACE       METRIC
192.168.10.0    255.255.255.0   192.168.2.3   192.168.2.133   2000   >>> to reach LAN of pfsense
0.0.0.0         255.255.255.0   x.x.x.x       x.x.x.133       4000   >>> default LAN
If I tracert Google from the Win7 it passes through the x.x.x.x133; if I tracert an address 192.168.10.x it doesn't call the default but goes directly to the address.
But if I ping the Win7 PC from behind the LAN I can't reach it.
-
Weird mask you have on your default WAN connection. I have 0.0.0.0
And I think that no harm is done if you reduce your metric value of that on-site subnet
-
Sorry, I didn't copy and paste; it was a writing error. The correct one is
IP ADDRESS      MASK            GATEWAY       INTERFACE       METRIC
192.168.10.0    255.255.255.0   192.168.2.3   192.168.2.133   2000   >>> to reach LAN of pfsense
0.0.0.0         0.0.0.0         x.x.x.x       x.x.x.133       4000   >>> default LAN
If I ping from SSH from the firewall I can get a reply; if I do from the LAN behind the firewall, no.
The problem is that the other hosts, not with Win7, can be accessed from the LAN behind the firewall with the current rules.
-
What is the status of the Windows firewall on the Win7 machine? Usually the Win 7 firewall will not accept connections from a subnet that is not represented by a NIC. Also check your RDP settings to make sure you can connect from anywhere.
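
Added example, not part of any post in this thread: a small Python route lookup (longest prefix first, then lowest metric) run over the two routing tables posted above, to show which gateway and interface the Win7 host would use for a reply. The masked x.x.x.x gateway and x.x.x.133 interface are replaced by placeholder addresses, and the test destinations are constructed.

```python
import ipaddress

# Placeholders for the addresses the poster masked as x.x.x.x / x.x.x.133
# (assumed values from the documentation range, not taken from the thread).
DEFAULT_GW = "203.0.113.1"
DEFAULT_IF = "203.0.113.133"


def make_table(default_mask):
    """Routing table as posted: (destination, mask, gateway, interface, metric)."""
    return [
        ("192.168.10.0", "255.255.255.0", "192.168.2.3", "192.168.2.133", 2000),
        ("0.0.0.0", default_mask, DEFAULT_GW, DEFAULT_IF, 4000),
    ]


def lookup(table, dst):
    """Return (gateway, interface) for dst, or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for dest, mask, gw, iface, metric in table:
        # Convert the dotted mask to a prefix length by counting its set bits.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        if addr in net:
            # Sort key: most specific prefix first, then lowest metric.
            matches.append((-prefix, metric, gw, iface))
    if not matches:
        return None
    _, _, gw, iface = min(matches)
    return gw, iface


if __name__ == "__main__":
    tables = {
        "as first typed": make_table("255.255.255.0"),
        "corrected": make_table("0.0.0.0"),
    }
    # Constructed destinations: one host on the pfSense LAN, one Internet host.
    for name, table in tables.items():
        for dst in ("192.168.10.25", "8.8.8.8"):
            print(f"{name:15} {dst:15} -> {lookup(table, dst)}")
```

With the corrected table the host has a return route to 192.168.10.0/24 through 192.168.2.3, while the mask as first typed would leave no default route at all.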