LAN -> DMZ doesn't work



  • I have a computer with 1.2-RC3 and four NICs:
    WAN = DHCP
    LAN = 192.168.110.1/24
    DMZ = 192.168.111.1/24
    WLAN = 192.168.109.1/24

    I've added the following pass-rule to the top of the list of rules for the LAN interface:
    Proto  Source  Port  Destination  Port  Gateway  Schedule Description 
    *          *        *        *          *        *          *            *

    I have one access point with IP 192.168.109.2 and one laptop with IP 192.168.109.151 on the WLAN interface. When I try to ping either one of them, I get no response. What could be wrong?
      I can ping the WLAN address of pfSense (192.168.109.1), by the way…



  • Do you have a rule on the WLAN interface that allows traffic?
    Got a firewall on the WLAN client that might block the pings?



    1. I have the same rule on the WLAN interface.
    2. The laptop on the WLAN interface can ping the access point, so… pinging from LAN should not be a problem, right?


  • To 2:
    ping is not bidirectional.
    If you have a firewall on the laptop that blocks pings, the laptop cannot be pinged :)

    Can you ping the laptop if you use the ping utility on pfSense?
    If not, then the problem is definitely on the laptop end (since the laptop is able to ping the pfSense).



  • I can ping the access point from the pfSense tool, but I can't ping the access point from my computer on the LAN.



  • Proto  Source  Port  Destination  Port  Gateway  Schedule Description   
    *          *        *        *          *        *          *            *

    Proto    Source      Port  Destination  Port  Gateway  Schedule Description   
    *      Lan subnet      *        *          *        *          *            *

    Proto    Source          Port  Destination  Port  Gateway  Schedule Description   
    *      Wlan subnet        *        *          *        *          *            *



  • I've added the rules you suggested, Perry, to both my LAN and my WLAN interface. I still can't ping the access point from my computer on my LAN interface.



  • You're writing about pinging the AP.
    What kind of AP is that?
    Somehow I suspect your AP is doing NAT and you have on the AP the WLAN subnet on WAN and WLAN side.



  • I only use the LAN ports of the "AP" but… you got me thinking, Gruens. I just changed the AP configuration and got it up and running. Now I can reach the LAN from the WLAN.
      But I can't reach the WLAN from the LAN though, but that's not important enough for me to continue messing with the AP for :) And besides... my primary aim is to learn how to manage the pfSense box, not the AP ;D

    Thanks for the help everyone!

