FIREWALL RULES FOR TRAFFIC BETWEEN INTERFACES

podilarius · Aug 1, 2012, 5:56 PM

not really, but you can get to the machine on the default LAN, so why do you need to access it on opt2? You usually split networks with potentially a NIC in both subnets, usually to manage on both subnets.

Summer · Aug 2, 2012, 2:56 PM

The default LAN of the Win7 PC is different from the one of pfsense, that is the problem, i've got
NIC 1 : default LAN DIFFERENT from the LAN of Pfsense
NIC 2: address on OPT2 network,

I've added a route to the LAN of Pfesense
IP ADDRESS MASK GATEWAY INTERFACE METRIC
192.168.10.0 255.255.255.0 192.168.2.3 192.168.2.133 2000 >>> to reach LAN of pfsense
0.0.0.0 255.255.255.0 x.x.x.x x.x.x.133 4000 >>> default LAN

If I tracert google from the win7 it pass trough the x.x.x.x133, if tracert an address 192.168.10.x it doesn't call the default but goes directly to the address.
But if I ping the win7 pc from behind the LaN I can't reach it.

Metu69salemi · Aug 2, 2012, 7:49 PM

Weird mask you have on your default Wan connection. I have 0.0.0.0
And i think that no harm is made if you reduce your metric value of that on-site subnet

Summer · Aug 7, 2012, 1:12 PM

sorry I didn't copy and pasted, a writing error the correct one is

IP ADDRESS MASK GATEWAY INTERFACE METRIC
192.168.10.0 255.255.255.0 192.168.2.3 192.168.2.133 2000 >>> to reach LAN of pfsense
0.0.0.0 0.0.0.0 x.x.x.x x.x.x.133 4000 >>> default LAN

if I ping from ssh from firewall I can get reply, if I do from LAN behind firewall no.
The problem is that the others hosts, not with Win7 can be accessed from LAN behind firewall with the current rules.

podilarius · Aug 7, 2012, 2:12 PM

What is the status of the Windows firewall in the Win7 machine? usually Win 7 firewall will not accept connections from a subnet that is not represented by a NIC. Also check your RDP settings also to make sure you can connect from anywhere.