Routing broken between PFSense Interfaces

  • Hi,

    I have pfSense 2 running with 6 NICs (4 on a 4-port card, one internal and one add-on Intel).

    Originally I had about 10 VLANs on the internal NIC for tenants in my building and two ports of the 4-port card as WAN1 & WAN2 as failover. Everything worked fine; I had a backup device that everyone could access across the VLANs. Each VLAN has the .254 of its subnet assigned to it, and using static NAT all traffic is passed through a specific public IP outbound. Now there is no VLAN routing happening at all, with no changes that I know of. I have assigned 192.168.251.x to another interface not on the VLAN just to see if I can ping that, and I can't. The weird thing is, if I tracert it from my LAN (or any other one), its next hop is my default gateway on my primary WAN connection, and then that passes on to its next hop - then nothing.

    Any idea why, when tracert'ing an internal address, pfSense is passing it out of its default gateway rather than correctly resolving it internally?

    I should add that internet-bound traffic and external-to-internal port forwarding are all working fine. Each LAN currently has a rule that says all from subnet destined to !subnet is allowed to pass (all protocols).



  • You might have a gateway (group) defined in the LAN firewall rule. This causes internal routes to be ignored.
    Adding an additional rule with gateway 'any' to match the subnet will allow it to pass.

  • Hi Heper,

    Thanks for the reply. You hit the nail on the head: I have a gateway group as the default gateway, and that is the only rule. I can't work out why it was working before, but by explicitly putting in an allow rule without a default gateway before the gateway rule, it works. I hadn't realised pfSense worked that way!
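For anyone landing here with the same symptom, here is the rule ordering that the thread describes, written out in plain pf syntax. This is an added example, not configuration posted by the original poster or generated by pfSense; interface names, subnets and the upstream gateway address are assumptions, and a single route-to gateway stands in for the gateway group to keep it readable. The point it shows is that a pass rule with a gateway set is policy routing: pf hands matching packets straight to that gateway and never consults the routing table, so a broad "to !LAN net" rule catches internal destinations too.

```pf
# Added example (not from the original thread): pfSense-style LAN rules in
# plain pf syntax, showing why a gateway on the only pass rule sends
# internal traffic out the WAN, and the fix described in the thread.
# Interface names, subnets and the gateway IP are assumptions.

lan_if   = "igb0.10"            # one tenant VLAN (assumed name)
lan_net  = "192.168.10.0/24"    # that VLAN's subnet (assumed)
wan1_if  = "igb1"
wan1_gw  = "203.0.113.1"        # upstream gateway, documentation range

# Everything behind the firewall that LAN clients should reach directly,
# which covers the 192.168.251.x test interface from the post.
table <internal_nets> const { 192.168.0.0/16 }

# --- Broken: the only rule carries a gateway (policy routing). ---
# "from LAN net to !LAN net" also matches 192.168.251.x, so pf applies
# route-to and forwards the packet to the WAN gateway instead of using
# the directly connected route. That is the ISP hop seen in tracert.
# pass in quick on $lan_if inet from $lan_net to ! $lan_net \
#     route-to ($wan1_if $wan1_gw) keep state

# --- Fixed: match internal destinations first, with no gateway. ---
# Rules are first-match with "quick", so internal traffic stops here and
# is routed by the normal routing table.
pass in quick on $lan_if inet from $lan_net to <internal_nets> keep state

# The policy-routed rule now only ever sees non-internal traffic.
pass in quick on $lan_if inet from $lan_net to ! $lan_net \
    route-to ($wan1_if $wan1_gw) keep state
```

In the pfSense GUI this corresponds to a pass rule on each VLAN interface whose destination is the internal networks (an alias works well for this), with Gateway left at the default, placed above the rule that selects the gateway group. Repeat it per interface, because a rule on one VLAN tab does not apply to the others.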


