Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Troubleshooting Connections between Subnets

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      blyxx86
      last edited by

      Hey everyone,

      I updated to 2.1 last week, and most things seemed to be just fine.  However, for some reason my ability to ping between my LAN and OPT1 networks seems to have stopped working.

      LAN = 192.168.10.15/24
      OPT1 = 10.20.10.15/24

      The rules between both OPT1 and LAN are to allow ALL between the two networks.  The LAN firewall allows all from OPT1 subnet, as long as the destination is in the LAN subnet. The OPT1 firewall allows all from LAN subnet, as long as the destination is in the OPT1 subnet.

      Both rules are the first rule in the list (LAN has the anti-lockout rule).

      What I'm seeing in the states table is what is confusing me (and probably why things aren't working):
      Protocol, Source->Router->Destination, State
      ICMP, 10.20.10.5 <- 192.168.10.66, 0:0
      ICMP, 192.168.10.66:1 -> 12.34.56.78:51293 -> 10.20.10.5, 0:0  (The router IP is the WAN2 IP, we have a failover that was setup a while back and WAN2 is our default)

      I guess my question is how do I take the WAN out of this LAN <-> OPT1 route?

      *Edit, more info.  I can use the PING tool on the pfsense using both OPT1 and LAN as the source location and the pings seem to work fine.  Other boxes on the same OPT1 or LAN subnet can ping other boxes on their same subnet (e.g. 10.20.10.1 can ping 10.20.10.2)

      1 Reply Last reply Reply Quote 0
      • B
        blyxx86
        last edited by

        Okay, I had to toy around with it a lot but it seems okay now.

        So I'm not entirely sure why, but I had to delete the rules to "Allow OPT1 -> LAN" and "Allow LAN -> OPT1" on OPT1 and LAN, respectively.  And then rebuild them.

        Even turning the logging on with the rules wouldn't log any packets.  Once I deleted and recreated them, they started logging successful packets.

        It was very weird.

        1 Reply Last reply Reply Quote 0
        • P
          phil.davis
          last edited by

          The rules between both OPT1 and LAN are to allow ALL between the two networks.  The LAN firewall allows all from OPT1 subnet, as long as the destination is in the LAN subnet. The OPT1 firewall allows all from LAN subnet, as long as the destination is in the OPT1 subnet.

          What you describe here in the first post is around the wrong way - if the rules were like that at first then they would not have worked.
          The way you describe doing it in the 2nd post is correct and works. That is why it works now and did not work at first.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.