Routing broken between PFSense Interfaces
I have PFSense 2 running with 6 NICs (4 on a 4-port card, one internal and one add-on Intel).
Originally I had about 10 VLANs on the internal NIC for tenants in my building and two ports of the 4-port card as WAN1 & WAN2 as failover. Everything worked fine; I had a backup device that everyone could access across the VLANs. Each VLAN has the .254 of its subnet assigned to it and, using static NAT, all traffic is passed through a specific public IP outbound. Now there is no VLAN routing happening at all, with no changes that I know of. I have assigned 192.168.251.x to another interface not on the VLAN just to see if I can ping that, and I can't. Weird thing is, if I tracert it from my LAN (or any other one) its next hop is my default gateway on my primary WAN connection and then that passes on to its next hop - then nothing.
Any idea why, when tracert'ing an internal address, pfsense is passing it out of its default gateway rather than correctly resolving it internally?
I should add that internet-bound traffic and external-to-internal port forwarding are all working fine. Each LAN has a rule currently that says all from subnet destined to !subnet is allowed to pass (all protocols).
You might have a gateway (group) defined in the LAN firewall rule. This causes internal routes to be ignored.
Adding an additional rule with gateway 'any' to match the subnet will allow it to pass.
Thanks for the reply. You hit the nail on the head: I have a gateway group as the default gateway and that is the only rule. I can't work out why it was working before, but by explicitly putting in an allow rule without a default gateway before the gw rule it works. I hadn't realised pfsense worked that way!
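The behaviour described in the answer and confirmed above, modelled as an added example (not from the thread or from pfSense itself): a first-match rule evaluator showing why a single pass rule with a gateway group set sends internal destinations out the WAN, and why an internal-destination rule with no gateway placed above it fixes this. The tenant subnet 192.168.10.0/24, the aggregate 192.168.0.0/16 and the gateway name WAN_FAILOVER are constructed assumptions; 192.168.251.x is the test interface from the question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    """One pass rule on a LAN interface, reduced to the fields that matter here."""
    name: str
    source: str                    # source network (CIDR)
    destination: str               # destination network (CIDR)
    negate_dest: bool = False      # pfSense "invert match": destination is !network
    gateway: Optional[str] = None  # None = "default": use the system routing table

# Constructed tenant VLAN; the thread only says each VLAN has .254 as its gateway.
TENANT_NET = "192.168.10.0/24"
INTERNAL_NETS = "192.168.0.0/16"   # assumed aggregate of the box's internal subnets

# The poster's original single rule: allow tenant -> !tenant via the WAN gateway group.
ORIGINAL_RULES = [
    Rule("tenant out", TENANT_NET, TENANT_NET, negate_dest=True, gateway="WAN_FAILOVER"),
]

# The fix from the answer: a rule for internal destinations with no gateway, placed FIRST.
FIXED_RULES = [
    Rule("tenant to internal", TENANT_NET, INTERNAL_NETS),
] + ORIGINAL_RULES

def rule_matches(rule: Rule, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
    in_src = src in ipaddress.ip_network(rule.source)
    in_dst = dst in ipaddress.ip_network(rule.destination)
    return in_src and (in_dst != rule.negate_dest)   # != implements the ! inversion

def route_decision(rules: list, src: str, dst: str) -> str:
    """pfSense evaluates rules top-down and the first match wins; a matching rule
    with a gateway set policy-routes the packet out that gateway even when the
    routing table has a directly connected route for the destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule_matches(rule, s, d):
            return "routing table" if rule.gateway is None else f"policy-routed via {rule.gateway}"
    return "blocked (implicit deny)"

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        for dst in ("192.168.251.10", "203.0.113.5"):   # internal test host / Internet host
            print(f"{label:8} {dst:15} -> {route_decision(rules, '192.168.10.20', dst)}")
```

With the original rule set the internal test host is policy-routed out the WAN group, which is exactly what the poster's tracert showed; with the extra rule on top only non-internal destinations take the gateway group.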