Multi-LAN, can't reach NAS on LAN1 from LAN2
-
Hi everyone,
i'm pretty new to pfsense.
i have a pfsense 2.0.1 here with 4 NICs, 2 for WAN and 2 for LAN.
I tried to reach a NAS (which is on the first LAN) with Client from the second LAN.
That for I configured a gateway on LAN1 and two firewall rules:
on LAN2-NIC: 10.10.64.1/18 allowed all Ports –> single host 10.10.1.1
on LAN1-NIC: single host 10.10.1.1 allowed all Ports --> 10.10.64.1/18I tried an SMB connection as well as a ping from a client on LAN2, both didn't reach the NAS
the configuration for the LAN connections are the following:
LAN1:
Static IP: 10.10.1.2/18
DHCP: 10.10.4.1 - 10.10.9.253
some clients with static IPs (not in the DHCP range)
NAS with static IP 10.10.1.1LAN2:
Static IP: 10.10.64.1/18
DHCP: 10.10.66.1 - 10.10.76.253
some Client with static IPs (not in the DHCP range)NAT is set to automatic (yes, i know, not the best choice, that'll be my next step)
LAN1 and LAN2 both work fine with the two WAN connection.
Thanks in advance for any hints
-
That for I configured a gateway on LAN1
Both LAN1 and LAN2 are direct connected to pfSense, so it will route between them without having to be told anything. Remove any gateway stuff you put on the LAN(s). Firewall rule(s) on LAN1 and LAN2 to allow traffic you want (initiated from LAN1 and LAN2 respectively) should be all that is needed.
-
thanks for the anwser.
i deleted the gateway and now have two rules:
(see attachments)LAN1 (named LAN):
source LAN1
all protocols
destination LAN2 (named LAN2DHCP)LAN2 (named LAN2DHCP)
source LAN2 (named LAN2DHCP)
all protocols
destination single host 10.10.1.1 (wich is at LAN1)could the subnets of both LAN-NICs (10.10.1.2/18 and 10.10.64.1/18) cause any trouble, that the rules won't work?
packet capturing shows following on LAN2 for destination 10.10.1.1
12:38:58.889613 IP 10.10.1.1.138 > 10.10.255.255.138: UDP, length 207
-
did you fill in the gateway on the NAS device (the webconfig of the NAS itself)
-
the NAS gateway is set to 10.10.1.2, which is LAN1
from any source of LAN1 to the NAS, there's no problem.
but still pfsense seems not to allow the packets from LAN2 to the NAS
-
That for I configured a gateway on LAN1
could you elaborate on that ? you didn't enter a gateway on the LAN1/LAN2 interface configuration page right ?
If you did –> remove it ... only WAN connections need this filled in.
--> check NAT because i'm not entirely sure if it will automagically remove the faulty NAT-rules that were created when ya added a gateway to your LAN(s)i'm not sure what else could be wrong ... the screenshots you provided seem ok to me