Can't ping or contact ADSL router from LAN
I can ping my adsl routers (I have two) from the pfSense machine, but I cannot from my LAN. I'm not sure why, any ideas? My routers are 192.168.0.1, 192.168.1.1. Here are my firewall rules.
jahonix last edited by
The only allowed address to your Netgear is "Lan address" - which refers to your pfSense's LAN interface.
There is no rule for others to ping there. I'd try dedicated ICMP/ping rules.
Are your modems in bridge mode? It looks like they may not be.
Slightly off-topic - the 2nd rule only passes DNS UDP. Under some conditions DNS can use TCP, so you should make that pass UDP+TCP.
The last rule pushes all traffic unmatched by a previous rule, into VPN gateway. That may be pushing traffic for the 192.168 WAN subnets. You will need ordinary pass rule/s prior to that for traffic you want to allow to the 192.168 WAN subnets.
your rule "access to netgear webgui" is set for TCP protocol traffic.
pings or echo request->reply use the ICMP protocol.
in other words … with that rule you shall never get pings to work.
for testing set the protocol to ANY, and see if that helps
Assuming there is no extra interfaces, PPPoE trickery to be done the problem exactly as jahonix pointed out above. Your firewall rule allowing access to the modem only catches traffic from the pfSense LAN interface, hence you can ping it from the box itself. Change that rules source to 'LAN net' and you'll be good.
Unless your LAN client is 10.0.0.61 in which case it should work.
You may be falling foul of the negate rules. These are rules which 'negate' policy based routing for accessing local subnets and they use the system routing hence the default gateway. Your default gateway is the Netgear interface so it still should work. You can disable the negate rules though in System: Advanced: Firewall and NAT:
Thanks everyone I created two new rules
TCP LAN net * -> Routers 80 (HTTP)
ICMP LAN net * -> Routers *
Works a treat