Netgate Discussion Forum

    Upgraded to 2.1, now I cannot access other subnets on LAN

      Atlantisman

      Hello,

      I upgraded to pfSense 2.1 from 2.0.3, and now I cannot access other subnets that my pfSense machine handles, i.e. if I am on 192.168.2.X and I want to access a machine in the DMZ at 10.0.0.X, I am not able to do that. But I can ping pfSense's interface on that subnet (10.0.0.1).

      I am not sure what is causing this, but I have tried putting allow-all rules in the firewall without luck.

      If someone could give me any suggestions that would be greatly appreciated.

        cmb

        The rules to negate policy routing over-matched in some cases in pre-2.1 versions. You need firewall rules above your policy routing rules (anything specifying a gateway other than "default") allowing traffic between your local LANs, with gateway left at "default".

          Atlantisman

          I am not sure I understand. Could you please elaborate? Thanks a lot.

          P.S. I do have multiple WAN connections.

            phil.davis

            Do you have rules that specify a gateway? (known as policy-routing)
            If so, then the behavior has changed a little in pfSense 2.1.
            The rule might be:
            Pass source LANnet destination all gateway MyGatewayGroup

            In older versions of pfSense, underneath in the rule set, it would "help you out" - that "destination all" rule would send EVERYTHING to MyGatewayGroup, even traffic for another local LAN on pfSense itself (e.g. OPT1net). So pfSense code put another rule just before the gateway rule:
            Pass source LANnet destination OPT1net gateway default

            This allowed that traffic to be passed through to the normal routing, which delivered it locally - rather than being forced out the gateway.

            Now pfSense does just what it is told - the extra rule is not added in the background.

            You need to add a rule, above the "policy-routing" rules, on LAN:
            Pass source LANnet destination DMZnet gateway default

            That will let the local traffic through without forcing it into/out a gateway.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
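
The rule-order point from the answer above, as an added example that is not part of the original thread and is not pfSense code: a first-match audit over a simplified rule model in which every rule is a pass rule on LAN, written as (source, destination, gateway). The aliases come from the post; the /24 prefix lengths and all function names are assumptions.

```python
from ipaddress import ip_network

# Constructed sample: interface networks on the firewall. Addresses are from
# the thread; the /24 prefix lengths are an assumption.
LOCAL_NETS = {"LANnet": ip_network("192.168.2.0/24"),
              "DMZnet": ip_network("10.0.0.0/24")}
ANY = ip_network("0.0.0.0/0")

def resolve(alias):
    """Map a rule alias ('all' or an interface network name) to a network."""
    return ANY if alias == "all" else LOCAL_NETS[alias]

def first_match(rules, src, dst):
    """Return (index, gateway) of the first rule that fully covers src -> dst.
    Rules are evaluated top-down; partial overlaps are ignored in this model."""
    for idx, (r_src, r_dst, gateway) in enumerate(rules):
        if src.subnet_of(resolve(r_src)) and dst.subnet_of(resolve(r_dst)):
            return idx, gateway
    return None, None  # nothing matched: traffic is not passed at all

def audit(rules, src_alias):
    """List (local net, rule index, gateway) where traffic from src_alias to
    another local network is first matched by a policy-routing rule, so it is
    forced out a gateway instead of being delivered locally."""
    src = LOCAL_NETS[src_alias]
    findings = []
    for alias, net in LOCAL_NETS.items():
        if alias == src_alias:
            continue
        idx, gateway = first_match(rules, src, net)
        if idx is not None and gateway != "default":
            findings.append((alias, idx, gateway))
    return findings

# Constructed rule sets, top-down order as on the LAN tab.
AFTER_UPGRADE = [("LANnet", "all", "MyGatewayGroup")]
FIXED = [("LANnet", "DMZnet", "default"),
         ("LANnet", "all", "MyGatewayGroup")]
WRONG_ORDER = [("LANnet", "all", "MyGatewayGroup"),
               ("LANnet", "DMZnet", "default")]

if __name__ == "__main__":
    for label, rules in (("after upgrade", AFTER_UPGRADE),
                         ("fixed", FIXED),
                         ("wrong order", WRONG_ORDER)):
        print(f"{label}: {audit(rules, 'LANnet')}")
```

The third rule set shows why placement matters: the local rule exists, but because it sits below the gateway rule it is never reached.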

              Atlantisman

              Awesome! Thanks a lot, that has been giving me trouble for quite a while.
