Netgate Discussion Forum

    Multiple networks behind LAN interface

    General pfSense Questions
    • arell12

      I have PF Sense running and its LAN IP address is in the network 172.16.40.0/22. I have a Cisco router; one port sits in the LAN and another port sits in the WiFi Network. From the WiFi network I cannot access the internet or ping the PF Sense firewall. The PF Sense has a static route to the 192.168.0.0 network. From the PF Sense firewall I can ping the WiFi Network interface on the Cisco.

      WAN > INTERNET IP PF Sense 172.16.40.23 > LAN 172.16.40.0/22 > 172.16.40.20 Router 192.168.0.180 > WiFi Net 192.168.0.0/24

      Is there a setting on the firewall that is not allowing this traffic?

      From PF Sense I can ping 192.168.0.180 using LAN as source.
      From Router I cannot ping PF Sense (172.16.40.23) using the WiFi interface (192.168.0.180).
      From Router I can ping PF Sense (172.16.40.23) using LAN interface (172.16.40.20).
      From the router I can ping other hosts on the LAN from the WIFI interface.

      Thanks

      • jswj

        Does the router have a default gateway to the pfSense LAN IP?

        • phil.davis

          And does pfSense LAN have a rule that will allow traffic with source 192.168.0.0/whatever-mask?

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          • stephenw10 Netgate Administrator

            Yep, what Phil said.  :)
            The default LAN rule will block that because the source is outside the LAN subnet, so if you haven't changed it or added more rules that traffic won't be allowed.

            Steve
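
Added example, not part of the original posts and not pfSense's own code: a simplified first-match model of the LAN ruleset discussed in this thread, plus a check that every subnet routed behind LAN has a pass rule covering it. The addresses come from the thread; the rule labels, the extra WiFi client address and the helper names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    source: str   # CIDR matched against the packet's source address
    label: str    # descriptive label (hypothetical wording)

LAN_NET = "172.16.40.0/22"    # pfSense LAN subnet, from the thread
WIFI_NET = "192.168.0.0/24"   # subnet behind the Cisco router, from the thread

# Default LAN ruleset as described in the thread: only LAN-subnet sources pass.
DEFAULT_LAN_RULES = [Rule("pass", LAN_NET, "default allow LAN net to any")]
# Corrected ruleset: an additional pass rule for the routed WiFi subnet.
FIXED_LAN_RULES = DEFAULT_LAN_RULES + [Rule("pass", WIFI_NET, "allow routed WiFi net")]
# Subnets reached through a static route via a gateway on LAN (172.16.40.20).
ROUTED_VIA_LAN = [WIFI_NET]

def evaluate(rules, src):
    """First matching rule wins; with no match the implicit default deny applies."""
    addr = ip_address(src)
    for rule in rules:
        if addr in ip_network(rule.source):
            return rule.action, rule.label
    return "block", "implicit default deny"

def uncovered_routed_subnets(rules, routed):
    """Return routed subnets that are not entirely passed by the LAN ruleset."""
    missing = []
    for cidr in routed:
        net = ip_network(cidr)
        verdict = "block"                 # implicit default deny
        for rule in rules:
            rule_net = ip_network(rule.source)
            if net.subnet_of(rule_net):   # rule covers the whole subnet
                verdict = rule.action
                break
            if net.overlaps(rule_net):    # rule covers only part of the subnet
                verdict = "partial"
                break
        if verdict != "pass":
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    # Constructed sample sources: router LAN port, router WiFi port, a WiFi client.
    for src in ("172.16.40.20", "192.168.0.180", "192.168.0.55"):
        print(src, "default:", evaluate(DEFAULT_LAN_RULES, src)[0],
              "fixed:", evaluate(FIXED_LAN_RULES, src)[0])
    print("no pass rule for:", uncovered_routed_subnets(DEFAULT_LAN_RULES, ROUTED_VIA_LAN))
```

The model looks only at the source address of traffic arriving on LAN; states, destinations and protocols are left out.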
