Not able to access opt network from LAN



  • I am having issues accessing my opt network from LAN. This seems to be a firewall issue and is resolved when I turn off NATing/Packet Filtering in the advanced options menu. There are no firewall rules preventing me from accessing this network, and this has only been going on since I upgraded to pfSense 2.1; I can roll back to the same state but on version 2.0.3 and everything works great.

    If anyone has any insight on what could be causing this please let me know.

    Thanks.



  • Need more info. Post your interface configurations and firewall rules.



  • LAN - 192.168.2.1
    opt - 10.0.2.1

    Both interfaces have simple allow any to any on their firewall rules.

    I am able to ping 10.0.2.1, the pfSense interface on that network, but I am unable to ping 10.0.2.2, a computer on that network.



  • LAYER 8 Global Moderator

    Simple question: does that 10.0.2.2 point to pfSense as the gateway? Does its local firewall block ping from networks other than its local one? I do know this is the default on Windows Firewall, for example.



  • Yes, 10.0.2.2 does point to pfSense as the gateway, and there is no local firewall to block anything; I turned them all off for testing purposes.


  • LAYER 8 Global Moderator

    Well then I would suggest you do a simple sniff on pfSense – do you see your ping going out?

    So see my pic below -- under Diag, Packet Capture. I set it to use the interface that is on my WLAN 192.168.2.0/24, and set it for ICMP and the IP of the host I am pinging on that network, 192.168.2.252.

    I then pinged that IP from my host on the 192.168.1.0/24 network connected to my LAN interface on pfSense. So as you can see, the requests go out to 192.168.2.252 -- now in my case you also see the response.

    Do you see responses on the capture? If not, but you see the request go out, then on the host you're trying to ping verify the request is getting there (sniff on host - tcpdump or wireshark, either will work). If it is, and you're not seeing it send back the reply, then there is a firewall on the host you're not aware of or not really disabled, etc. If you don't see it go out of pfSense then you need to figure out why, etc.

    edit: Can you ping it from pfSense? Under Diag use the ping command, set your source interface to be the pfSense interface connected to that segment and try to ping your host. See the second image attached.
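
The capture check described in the post above, as an added example that is not part of the original thread: it reads ICMP lines in `tcpdump -n` text form and reports whether the echo request left the interface and whether a reply came back. The sample lines and the LAN client address 192.168.2.50 are constructed for illustration.

```python
import re

# tcpdump -n text format for ICMP echo traffic.
LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered(lines, target):
    """Return (requests seen, sorted seq numbers that never got a reply)."""
    pending, seen = set(), 0
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request" and m["dst"] == target:
            seen += 1
            pending.add((m["src"], ident, seq))
        elif m["kind"] == "reply" and m["src"] == target:
            pending.discard((m["dst"], ident, seq))
    return seen, sorted(seq for _, _, seq in pending)

def diagnose(lines, target):
    """Map the capture to the next step described in the thread."""
    seen, missing = unanswered(lines, target)
    if seen == 0:
        return "no-request"   # ping never left pfSense on this interface
    if missing:
        return "no-reply"     # sniff on the host; check its firewall/gateway
    return "ok"               # request and reply both crossed this interface

# Constructed sample: capture on the opt interface, LAN client pinging 10.0.2.2.
SAMPLE_NO_REPLY = """\
12:00:01.000100 IP 192.168.2.50 > 10.0.2.2: ICMP echo request, id 7, seq 1, length 64
12:00:02.000200 IP 192.168.2.50 > 10.0.2.2: ICMP echo request, id 7, seq 2, length 64
""".splitlines()
SAMPLE_OK = SAMPLE_NO_REPLY[:1] + [
    "12:00:01.000900 IP 10.0.2.2 > 192.168.2.50: ICMP echo reply, id 7, seq 1, length 64",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_NO_REPLY, "10.0.2.2"), unanswered(SAMPLE_NO_REPLY, "10.0.2.2"))
    print(diagnose(SAMPLE_OK, "10.0.2.2"))
```
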




