Netgate Discussion Forum

FIREWALL RULES FOR TRAFFIC BETWEEN INTERFACES

General pfSense Questions
25 Posts 4 Posters 21.9k Views
    podilarius
    last edited by Aug 1, 2012, 5:56 PM

    Not really, but you can get to the machine on the default LAN, so why do you need to access it on OPT2? You usually split networks with potentially a NIC in both subnets, usually to manage on both subnets.

      Summer
      last edited by Aug 2, 2012, 2:56 PM

      The default LAN of the Win7 PC is different from the one of pfSense; that is the problem. I've got:
      NIC 1: default LAN, DIFFERENT from the LAN of pfSense
      NIC 2: address on OPT2 network

      I've added a route to the LAN of pfSense:
      IP ADDRESS      MASK                  GATEWAY      INTERFACE        METRIC
      192.168.10.0    255.255.255.0    192.168.2.3  192.168.2.133    2000  >>> to reach LAN of pfsense
      0.0.0.0    255.255.255.0    x.x.x.x  x.x.x.133    4000  >>> default LAN

      If I tracert Google from the Win7 it passes through the x.x.x.x133; if I tracert an address 192.168.10.x it doesn't call the default but goes directly to the address.
      But if I ping the Win7 PC from behind the LAN I can't reach it.

        Metu69salemi
        last edited by Aug 2, 2012, 7:49 PM

        Weird mask you have on your default WAN connection. I have 0.0.0.0.
        And I think that no harm is done if you reduce the metric value of that on-site subnet.

          Summer
          last edited by Aug 7, 2012, 1:12 PM

          Sorry, I didn't copy and paste; it was a writing error. The correct one is:

          IP ADDRESS      MASK                  GATEWAY      INTERFACE        METRIC
          192.168.10.0    255.255.255.0    192.168.2.3  192.168.2.133    2000  >>> to reach LAN of pfsense
          0.0.0.0    0.0.0.0    x.x.x.x  x.x.x.133    4000  >>> default LAN

          If I ping via SSH from the firewall I get a reply; if I do it from the LAN behind the firewall, no.
          The problem is that the other hosts, not with Win7, can be accessed from the LAN behind the firewall with the current rules.

            podilarius
            last edited by Aug 7, 2012, 2:12 PM

            What is the status of the Windows firewall on the Win7 machine? Usually the Win 7 firewall will not accept connections from a subnet that is not represented by a NIC. Also check your RDP settings to make sure you can connect from anywhere.
