Netgate Discussion Forum

[resolved] pfSense not routing between connected subnets

24 Posts 6 Posters 63.0k Views
  • B
    b3nno
    last edited by Mar 11, 2014, 1:17 PM Mar 11, 2014, 1:12 PM

    My WAN network lies in 10.0.0.0/24. I have tried to replace the Davicom PCI card with a Realtek PCI 100/10 NIC. Still no routing happening. LAN and DMZ are configured on the onboard NICs. I did try to use the third PCI for LAN, still no routing. The Realtek 100/10 PCI card is using the RL driver. The onboard Realtek NICs are using the RE driver.

    Attached screens from LAN and DMZ int config page.

    DMZINT.png
    LANINT.png

    1 Reply Last reply Reply Quote 0
    • P
      podilarius
      last edited by Mar 11, 2014, 3:22 PM

      With that setup and the correct rules, it should route without issue. Did you say that if you disable the firewall in advanced, it still will not route?

      1 Reply Last reply Reply Quote 0
      • B
        b3nno
        last edited by Mar 12, 2014, 9:56 AM Mar 12, 2014, 9:46 AM

        That is correct. It will not route between connected subnets even with firewall disabled.

        I will try routing between nets on different VLANs in a trunk from the pfSense box later today. If the NICs support VLAN/trunking at all :)

        1 Reply Last reply Reply Quote 0
        • B
          b3nno
          last edited by Mar 12, 2014, 10:36 PM

          Breaking news!

          The error of my ways has revealed itself. Windows firewall blocks both ICMP and IP traffic from any subnet other than the one the host resides in. All this time the poor pfSense box was doing its job, probably perfectly.

          Sorry for wasting your time, people, but thanks a bunch for your posts :) Really appreciate it.

          1 Reply Last reply Reply Quote 2
          • P
            podilarius
            last edited by Mar 13, 2014, 3:33 AM

            Good old Windows … At least they err on the somewhat safe side now. Good luck.

            1 Reply Last reply Reply Quote 0
            • B
              b3nno
              last edited by Mar 13, 2014, 7:05 AM

              Hehe yeah. Both hosts were running Win 8, so maybe it's something new. I have not heard of this, at least. I figured it out when I put a Cisco switch into the mix, which I could ping from all subnets.

              1 Reply Last reply Reply Quote 0
              • B
                Brutal
                last edited by Mar 13, 2014, 11:58 PM

                I've been caught by this in the past and now I packet capture on each port to see exactly what's going on. Sure saves a lot of time.

                1 Reply Last reply Reply Quote 0
                • M
                  madVaX
                  last edited by Jul 3, 2014, 11:56 PM

                  I have an almost identical setup with almost identical issues.

                  One pfSense box (PC Engines APU 1C4, three Realtek RTL8111E NICs), re0 is the WAN interface, connecting to a cable modem which connects to a public IP network of the Internet provider, re1 is the LAN interface connecting a bunch of machines in the 192.168.0.0/24 private subnet and re2 is the OPT1 interface connecting some machines in the 192.168.1.0/24 private subnet.

                  WAN has filter private and bogons enabled, those settings as well as the upstream route are off for both the LAN and OPT1 configured subnets.

                  Routing to the Internet works on both subnets, all hosts get their IP from DHCP on their respective interface.

                  There are any-to-any rules for both local subnetworks configured (OPT1 basically with the LAN rules as template, replacing the relevant interface names).

                  I have a NAT rule, which allows access from the internet on port 443 to one server on the ~0.0/24 network. I also had NAT reflection enabled ("NAT + proxy") for this NAT rule. The default behaviour is "Disable". This works.

                  I run Linux boxes, mostly Ubuntu, and small SOHO Access Points (Sitecom) on both LANs, but, like the original poster, I am unable to ping machines in the ~1.0/24 from the ~0.0/24 subnet and vice versa.

                  I tried pinging with Ubuntu UFW personal firewall disabled on the client towards the AP in the other subnet, and it does not work.

                  As with the OP, I can ping the other interface (~1.1/24 from ~0.1/24 and vice versa) but not the machines in the other subnet.

                  Adding a firewall rule to monitor traffic shows that packets are passed. Packet capture shows that nothing comes back if I send pings.

                  I simply don't understand this (must be a stupid oversight, probably an issue with the machine config of the AP I used for testing so far).

                  If anyone could help here, I would be very grateful.

                  1 Reply Last reply Reply Quote 0
                  • M
                    madVaX
                    last edited by Jul 6, 2014, 5:33 PM

                    Reply to self:

                    Similar issue as the original poster. The Access Points I used as ping targets are configured not to reply to pings from other subnets. Packets were passed around with no problem by pfSense.

                    1 Reply Last reply Reply Quote 0
                    • P
                      podilarius
                      last edited by Jul 7, 2014, 2:07 PM

                      This is the main problem that I see as well. The access points don't allow the ping reply. Please test with something else, like a real computer.

                      1 Reply Last reply Reply Quote 0
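
The per-interface packet-capture check described in this thread, as an added example that is not part of any post: it compares ICMP echo traffic captured on the ingress and egress interfaces and reports whether the router failed to forward or the target simply never answered. It assumes text output in the format printed by `tcpdump -n icmp`, no NAT between the two local interfaces, and constructed sample addresses and captures.

```python
import re

# tcpdump-style line: "<time> IP <src> > <dst>: ICMP echo request|reply, id N, seq N, ..."
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(capture):
    """Return the set of (kind, requester, target, id, seq) tuples in one capture."""
    seen = set()
    for m in ICMP_RE.finditer(capture):
        src, dst = m["src"], m["dst"]
        # Normalise so a request and its reply share one (requester, target) key.
        pair = (src, dst) if m["kind"] == "request" else (dst, src)
        seen.add((m["kind"], *pair, int(m["id"]), int(m["seq"])))
    return seen

def diagnose(ingress_capture, egress_capture):
    """Classify every echo request seen on the ingress interface."""
    ingress, egress = parse(ingress_capture), parse(egress_capture)
    verdicts = {}
    for kind, *key in sorted(ingress):
        key = tuple(key)
        if kind != "request":
            continue
        if ("request", *key) not in egress:
            verdicts[key] = "router did not forward the request"
        elif ("reply", *key) not in egress:
            verdicts[key] = "target did not reply (check host firewall / device config)"
        elif ("reply", *key) not in ingress:
            verdicts[key] = "router did not forward the reply"
        else:
            verdicts[key] = "ok"
    return verdicts

# Constructed sample captures (not from the thread): ingress = LAN, egress = OPT1.
LAN_CAPTURE = """\
12:00:01.000100 IP 192.168.0.10 > 192.168.1.20: ICMP echo request, id 4711, seq 1, length 64
12:00:02.000100 IP 192.168.0.10 > 192.168.1.30: ICMP echo request, id 4712, seq 1, length 64
12:00:02.000900 IP 192.168.1.30 > 192.168.0.10: ICMP echo reply, id 4712, seq 1, length 64
"""
OPT1_CAPTURE = """\
12:00:01.000200 IP 192.168.0.10 > 192.168.1.20: ICMP echo request, id 4711, seq 1, length 64
12:00:02.000200 IP 192.168.0.10 > 192.168.1.30: ICMP echo request, id 4712, seq 1, length 64
12:00:02.000800 IP 192.168.1.30 > 192.168.0.10: ICMP echo reply, id 4712, seq 1, length 64
"""
```

A request that shows up on the egress capture with no matching reply is the pattern both resolved cases in this thread produced: the router forwarded the packet and the target stayed silent.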