<![CDATA[Upgraded to 2.1, now i cannot access other subnets on LAN]]>Hello,

I upgraded to pfsense 2.1, from 2.0.3 and now i cannot access other subnets that my pfsense machine handles.  i.e. if i am on 192.168.2.X and i want to access a machine in the DMZ at 10.0.0.X i am not able to do that. But i can ping pfsense's interface on that subnet (10.0.0.1).

I am not sure what is causing this but i have tried putting allow all rules in the firewall without luck.

If someone could give me any suggestions that would be greatly appreciated.

]]>https://forum.netgate.com/topic/65418/upgraded-to-2-1-now-i-cannot-access-other-subnets-on-lanRSS for NodeSun, 10 May 2026 02:22:45 GMTThu, 06 Feb 2014 02:11:28 GMT60<![CDATA[Reply to Upgraded to 2.1, now i cannot access other subnets on LAN on Tue, 11 Feb 2014 08:44:48 GMT]]>Awesome! Thanks a lot, that has been giving me trouble for quite a while.

]]>https://forum.netgate.com/post/443197https://forum.netgate.com/post/443197Tue, 11 Feb 2014 08:44:48 GMT<![CDATA[Reply to Upgraded to 2.1, now i cannot access other subnets on LAN on Tue, 11 Feb 2014 08:38:08 GMT]]>Do you have rules that specify a gateway? (known as policy-routing)
If so, then the behavior has changed a little in pfSense 2.1.
The rule might be:
Pass source LANnet destination all gateway MyGatewayGroup

In older versions of pfSense, underneath in the rule set, it would "help you out" - that "destination all" rule would send EVERYTHING to MyGatewayGroup, even traffic for another local LAN on pfSense itself (e.g. OPT1net). So pfSense code put another rule just before the gateway rule:
Pass source LANnet destination OPT1net gateway default

This allowed that traffic to be passed through to the normal routing, which delivered it locally - rather than being forced out the gateway.

Now pfSense does just what it is told - the extra rule is not added in the background.

You need to add a rule, above the "policy-routing" rules, on LAN:
Pass source LANnet destination DMZnet gateway default

That will let the local traffic through without forcing it into/out a gateway.

]]>https://forum.netgate.com/post/443196https://forum.netgate.com/post/443196Tue, 11 Feb 2014 08:38:08 GMT<![CDATA[Reply to Upgraded to 2.1, now i cannot access other subnets on LAN on Tue, 11 Feb 2014 08:37:32 GMT]]>I am not sure i understand. Could you please elaborate? Thanks a lot.

P.S. I do have multiple WAN connections.

]]>https://forum.netgate.com/post/443195https://forum.netgate.com/post/443195Tue, 11 Feb 2014 08:37:32 GMT<![CDATA[Reply to Upgraded to 2.1, now i cannot access other subnets on LAN on Thu, 06 Feb 2014 10:13:17 GMT]]>The rules to negate policy routing over-matched in some cases in pre-2.1 versions. You need firewall rules above your policy routing rules (anything specifying a gateway other than "default") allowing traffic between your local LANs, with gateway left at "default".

]]>https://forum.netgate.com/post/442437https://forum.netgate.com/post/442437Thu, 06 Feb 2014 10:13:17 GMT