[SOLVED] Updated from 2.0.3 to 2.1 cannot access WLAN <-> LAN anymore



  • WLAN subnet: 192.168.70.0/24
    LAN subnet: 192.168.69.0/24

    Before the upgrade I used to be able to access my LAN from my wifi devices and vice versa, but now it seems like everything is routed through the WAN even if the destination is a subnet on the pfSense box.

    I didn't have to do anything special in 2.0.3, just got that functionality by default (I have very very few firewall rules and most of them are for sending some traffic through WAN1 instead of the balancer, as I have a multiwan setup).

    Any help is appreciated!

    Cheers



  • Can you post your firewall rules for LAN and WAN and OPTs if you have them?

    Also please post the interfaces > WAN, LAN and OPTs screens.

    It will be interesting to see if gateway changes appeared in any of that during upgrade.



  • Firewall rules:


    Interfaces:




    (Wifi doesn't block either bogon or private networks)



  • Never mind the last rule on the WIFI interface, I was trying to add rules before I realized it was a routing problem.



  • Why don't you put a rule at the very top of WIFI to allow all from WIFI subnet to destination LAN subnet and another on the LAN to allow all from LAN subnet to destination WIFI subnet (with no mention of gateways on either)?



  • Just in case, here is my routing table and what happens when I try to ping a client on the wireless network from a lan pc:



  • See previous comment.  Let me know what happens.



  • @kejianshi:

    Why don't you put a rule at the very top of WIFI to allow all from WIFI subnet to destination LAN subnet and another on the LAN to allow all from LAN subnet to destination WIFI subnet (with no mention of gateways on either)?

    Tried, no effect. What's disturbing to me is that the answer to my pings comes from I don't know which machine in my provider's subnet! There must be something wrong with my routing :\



  • Correction, it does work! I didn't give it enough time to regenerate the tables!

    These are the new rules:

    LAN:

    WIFI:

    When I tried it before creating this topic I forgot to put it at the top, so it would be the first rule to be matched!

    Thank you!



  • You are welcome.  I'm glad it's all good.  Enjoy.  (save configuration quick).



  • Configuration backed up and sent to dropbox, lesson learned :)

    I wonder though, what has changed from 2.0.3 that made my generic all destinations rule (multigateway) stop ignoring the fact that a destination was local, 'cause I guess that's what made it work before in 2.0.3.

    Well, thanks again!



  • I wish I knew - There was another guy having similar issues but not even a sane set of firewall rules helped him.  Very odd.


  • Netgate Administrator

    Something easy to overlook is the 'Disable Negate rules' option in System: Advanced: Firewall and NAT:

    This is unchecked by default so it normally negates the specified gateway for a policy based route if the destination is a local network. It should apply in the case here. Do you have this checked?

    Personally I always check this box because when I am deliberately separating local network segments I want to do so by simply not adding firewall rules rather than having to add block rules.

    Steve
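
The rule ordering that resolved this thread, and the negate behaviour described in the post above, as a simplified first-match model added here (not pfSense code and not written by any poster). The two subnets come from the thread; the host addresses, rule sets and the gateway name MULTIWAN are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Subnets from the thread; everything else below is constructed for illustration.
LAN = ip_network("192.168.69.0/24")
WIFI = ip_network("192.168.70.0/24")
LOCAL_NETS = [LAN, WIFI]
ANY = ip_network("0.0.0.0/0")

@dataclass
class Rule:
    src: object
    dst: object
    gateway: Optional[str] = None  # None = no gateway set, follow the routing table

def next_hop(rules, src, dst, negate_local=False):
    """Return 'blocked', 'routing table', or the gateway a packet is forced to."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:  # first matching rule wins, so order decides the outcome
        if s in r.src and d in r.dst:
            if r.gateway is None:
                return "routing table"
            # Negation as described in the post: the rule's gateway is
            # skipped when the destination is a local network.
            if negate_local and any(d in n for n in LOCAL_NETS):
                return "routing table"
            return r.gateway  # policy route: sent to the gateway regardless
    return "blocked"  # nothing matched: default deny

# Hypothetical WIFI interface rule sets; MULTIWAN is an assumed gateway name.
policy_only = [Rule(WIFI, ANY, gateway="MULTIWAN")]
fix_at_bottom = policy_only + [Rule(WIFI, LAN)]   # never reached
fix_at_top = [Rule(WIFI, LAN)] + policy_only      # the working order

if __name__ == "__main__":
    for name, rs in [("policy_only", policy_only),
                     ("fix_at_bottom", fix_at_bottom),
                     ("fix_at_top", fix_at_top)]:
        print(name, "->", next_hop(rs, "192.168.70.10", "192.168.69.20"))
```

With the gateway-less rule at the bottom, WIFI to LAN traffic still matches the policy rule first and leaves via the gateway, which matches the symptom reported in the thread.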



  • @stephenw10:

    Something easy to overlook is the 'Disable Negate rules' option in System: Advanced: Firewall and NAT:

    This is unchecked by default so it normally negates the specified gateway for a policy based route if the destination is a local network. It should apply in the case here. Do you have this checked?

    Personally I always check this box because when I am deliberately separating local network segments I want to do so by simply not adding firewall rules rather than having to add block rules.

    Steve

    It is unchecked (default), wasn't even aware of it, maybe it's not working as intended in 2.1?

