Netgate Discussion Forum
    [SOLVED] Updated from 2.0.3 to 2.1 cannot access WLAN <-> LAN anymore

    Installation and Upgrades
    3
    14
    2014
Voidburn:

      WLAN subnet: 192.168.70.0/24
      LAN subnet: 192.168.69.0/24

Before the upgrade I used to be able to access my LAN from my wifi devices and vice versa, but now it seems like everything is routed through the WAN even if the destination is a subnet on the pfSense box.

I didn't have to do anything special in 2.0.3; I just got that functionality by default. (I have very, very few firewall rules, and most of them are for sending some traffic through WAN1 instead of the balancer; I have a multi-WAN setup.)

      Any help is appreciated!

      Cheers

kejianshi:

        Can you post your firewall rules for LAN and WAN and OPTs if you have them?

        Also please post the interfaces > WAN, LAN and OPTs screens.

        It will be interesting to see if gateway changes appeared in any of that during upgrade.

Voidburn:

Firewall rules: (screenshot)

Interfaces: (screenshots)

(Wifi doesn't block either bogon or private networks.)

Voidburn:

Never mind the last rule on the WIFI interface; I was trying to add rules before I realized it was a routing problem.

kejianshi:

              Why don't you put a rule at the very top of WIFI to allow all from WIFI subnet to destination LAN subnet and another on the LAN to allow all from LAN subnet to destination WIFI subnet (with no mention of gateways on either)?

Voidburn:

Just in case, here is my routing table and what happens when I try to ping a client on the wireless network from a LAN PC: (screenshot)

kejianshi:

See previous comment. Let me know what happens.

Voidburn:

                    @kejianshi:

                    Why don't you put a rule at the very top of WIFI to allow all from WIFI subnet to destination LAN subnet and another on the LAN to allow all from LAN subnet to destination WIFI subnet (with no mention of gateways on either)?

                    Tried, no effect. What's disturbing to me is that the answer to my pings comes from I don't know which machine in my provider's subnet! There must be something wrong with my routing :\

Voidburn:

                      Correction, it does work! I didn't give it enough time to regenerate the tables!

These are the new rules:

LAN: (screenshot)

WIFI: (screenshot)

When I tried it before creating this topic I forgot to put it at the top, so that it would be the first rule to be matched!

                      Thank you!

kejianshi:

You are welcome. I'm glad it's all good. Enjoy. (Save the configuration quickly.)

Voidburn:

                          Configuration backed up and sent to dropbox, lesson learned :)

I wonder, though, what changed from 2.0.3 that made my generic all-destinations rule (multi-gateway) stop ignoring the fact that a destination was local, because I guess that's what made it work before in 2.0.3.

                          Well, thanks again!

kejianshi:

I wish I knew. There was another guy having similar issues, but not even a sane set of firewall rules helped him. Very odd.

stephenw10 (Netgate Administrator):

Something easy to overlook is the 'Disable Negate rules' option in System: Advanced: Firewall and NAT: (screenshot)

This is unchecked by default, so it normally negates the specified gateway for a policy-based route if the destination is a local network. It should apply in the case here. Do you have this checked?

                              Personally I always check this box because when I am deliberately separating local network segments I want to do so by simply not adding firewall rules rather than having to add block rules.

                              Steve

Voidburn:
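The two fixes discussed in this thread (kejianshi's explicit local-to-local pass rules placed above the policy-routing rule, and the automatic negate rules stephenw10 describes) come down to rule ordering in pf. The fragment below is an added illustration in pf syntax, not pfSense's own generated ruleset and not something posted in the thread. Only the two subnets come from the thread; the interface names (em0 to em3), the WAN gateway addresses (203.0.113.1, 198.51.100.1) and the rule labels are assumptions, and the exact form of the rules pfSense 2.1 generates may differ.

```pf
# Constructed illustration, not pfSense's generated /tmp/rules.debug.
# Interface names, gateway addresses and labels are assumed.
wifi     = "em0"
lan      = "em1"
wifi_net = "192.168.70.0/24"
lan_net  = "192.168.69.0/24"

# BEFORE: the only rule on WIFI is a catch-all that pins a gateway group.
# pf evaluates rules top to bottom and "quick" stops at the first match, so
# a ping from 192.168.70.0/24 to 192.168.69.0/24 matches here, is sent out
# a WAN interface, and the reply arrives from the ISP side instead of the
# LAN host, which is the symptom reported in this thread.
pass in quick on $wifi route-to { (em2 203.0.113.1), (em3 198.51.100.1) } round-robin \
    inet from $wifi_net to any keep state label "USER_RULE: WIFI default allow, balanced"

# AFTER: anything that must stay local has to match BEFORE the route-to rule.
#
# Fix 1 (kejianshi): explicit pass rules with no gateway, at the top of each
# interface's ruleset, so local-to-local traffic never reaches the catch-all.
pass in quick on $wifi inet from $wifi_net to $lan_net  keep state label "USER_RULE: WIFI to LAN"
pass in quick on $lan  inet from $lan_net  to $wifi_net keep state label "USER_RULE: LAN to WIFI"

# Fix 2 (stephenw10): with 'Disable Negate rules' unchecked, pfSense itself
# inserts a rule of roughly this shape ahead of each policy-routing rule,
# matching every directly connected network, so the explicit rules above
# should not normally be needed.
table <negate_networks> { 192.168.69.0/24, 192.168.70.0/24 }
pass in quick on $wifi inet from $wifi_net to <negate_networks> keep state \
    label "NEGATE_ROUTE: Negate policy routing for destination"

# Only now the policy-routing catch-all, unchanged.
pass in quick on $wifi route-to { (em2 203.0.113.1), (em3 198.51.100.1) } round-robin \
    inet from $wifi_net to any keep state label "USER_RULE: WIFI default allow, balanced"
```

To check what the box actually loaded rather than what the GUI shows, `pfctl -sr` on the pfSense shell prints the live ruleset in evaluation order, and the generated file is /tmp/rules.debug; if the negate rules are in effect there should be a rule without `route-to` listed above the gateway rule for each interface. If a local ping still comes back from the provider's side after a rule change, confirming the order there (and whether the GUI actually reloaded the filter) is quicker than guessing.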

@stephenw10:

Something easy to overlook is the 'Disable Negate rules' option in System: Advanced: Firewall and NAT:

This is unchecked by default, so it normally negates the specified gateway for a policy-based route if the destination is a local network. It should apply in the case here. Do you have this checked?

Personally I always check this box because when I am deliberately separating local network segments I want to do so by simply not adding firewall rules rather than having to add block rules.

Steve

It is unchecked (the default); I wasn't even aware of it. Maybe it's not working as intended in 2.1?
