Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Not able to access opt network from LAN

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 3 Posters 2.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      Atlantisman
      last edited by

      I am having issues accessing my opt network from LAN, this seems to be a firewall issue and is resolved when i turn off NATing/Packet Filtering in the advanced options menu. There are no firewall rules preventing me from accessing this network and this has only been going on since i upgraded to pfsense 2.1, i can roll back to the same state but on version 2.0.3 and everything works great.

      If anyone has any insight on what could be causing this please let me know.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • T Offline
        timthetortoise
        last edited by

        Need more info. Post your interface configurations and firewall rules.

        1 Reply Last reply Reply Quote 0
        • A Offline
          Atlantisman
          last edited by

          LAN - 192.168.2.1
          opt - 10.0.2.1

          Both interfaces have simple allow any to any on their firewall rules.

          I am able to ping 10.0.2.1, the pfsense interface on that network, but i am unable to ping 10.0.2.2, a computer on that network.

          LANRules.JPG
          LANRules.JPG_thumb

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            Simple question does that 10.0.2.2 point to pfsense as the gateway?  Does it local firewall block ping from network other than its local.  I do now this default on windows firewall for example.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            1 Reply Last reply Reply Quote 0
            • A Offline
              Atlantisman
              last edited by

              Yes, 10.0.2.2 does point to pfsense as the gateway, and there is no local firewall to block anything, i turned them all off for testing purposes.

              1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                Well then I would suggest you do a simple sniff on pfsense – do you see your ping going out?

                So see my below pic -- under diag, packet capture.  I set to use the interface that is on my WLAN 192.168.2.0/24 set it for icmp and the IP of the host I am pinging on that network 192.168.2.252

                I then pinged that IP from my host on the 192.168.1.0/24 network connected to my LAN interface on pfsense.  So as you can see the requests go out to 192.168.2.252 -- now in my case you also see the response.

                Do you see responses on the capture - if not but you see the request go out, then on the host your trying to ping verify the request is getting there (sniff on host - tcpdump or wireshark either will work).  If it is - and your not seeing it send back the reply there there is a firewall on the host your not aware of your not really disabled, etc.  If you don't see it go out of pfsense then you need to figure out why. etc..

                edit: can you ping it from pfsense?  Under diag use the ping command, set your source interface to be the pfsense interface connected to that segment and try to ping your host.  see the second image attached.

                pingcapture.png
                pingcapture.png_thumb
                pingfrompfsense.png
                pingfrompfsense.png_thumb

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.