3 LAN interfaces, can someone give a route example



  • Hello All,

    pfSense-2.1.4-RELEASE (amd64)

    LAN = 172.28.8.0/24
    OPT1 = 172.28.10.0/23
    OPT2 = 172.28.12.0/23

    For some reason, doing a fresh install of 2.1.4 after having been using 2.0.1, I cannot get the LANs to ping each other. I am honestly not sure if it is a routing problem or a firewall issue. I have set up on each physical interface an allow ANY * in the firewall rules. I can ping the interface IP from any LAN client but nothing beyond that.
    I have done packet captures and it appears the packets leave the subnet interface I am pinging from but never end up at the intended other subnet's interface. When I do a ping I do get a 'no reply'; I do not get 'host not found', for completeness.
    The default gateway showing is of course the WAN interface/ip address.

    I would like all machines on each subnet to be able to see the others on each of the three subnets. No funky block rules need to be in place.

    Thank You,
    Barry


  • Netgate

    Every interface should have a rule like this.  And every client machine on each segment should have its default gateway set to the appropriate pfSense interface address.  If you do that, and there's not something in firewalls on the clients, they'll be able to exchange traffic.

    ![Screen Shot 2014-08-19 at 7.45.28 PM.png](/public/imported_attachments/1/Screen Shot 2014-08-19 at 7.45.28 PM.png)



  • @Derelict:

    Every interface should have a rule like this.  And every client machine on each segment should have its default gateway set to the appropriate pfSense interface address.  If you do that, and there's not something in firewalls on the clients, they'll be able to exchange traffic.

    What Derelict said.

    If you have a rule on each interface to allow any traffic to go anywhere it will work. This will not be a routing issue, because pfSense does not need routing entries for directly connected networks.
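
A way to check the client-side condition from the replies above (mask and default gateway on each segment), as an added example that is not part of any post in the thread. The subnets come from the first post; the `.1` pfSense interface addresses and the sample clients are assumptions.

```python
import ipaddress

# Subnets from the original post. The pfSense interface addresses (.1) are
# assumed for illustration; the thread does not state them.
SEGMENTS = {
    "LAN":  ipaddress.ip_interface("172.28.8.1/24"),
    "OPT1": ipaddress.ip_interface("172.28.10.1/23"),
    "OPT2": ipaddress.ip_interface("172.28.12.1/23"),
}

def check_client(ip, netmask, gateway):
    """Return (segment_name, problems) for one client's IP settings."""
    addr = ipaddress.ip_address(ip)
    client = ipaddress.ip_interface(f"{ip}/{netmask}")
    for name, fw in SEGMENTS.items():
        if addr in fw.network:
            problems = []
            if client.network != fw.network:
                problems.append(f"mask gives {client.network}, segment is {fw.network}")
            if ipaddress.ip_address(gateway) != fw.ip:
                problems.append(f"gateway {gateway} is not the {name} interface {fw.ip}")
            return name, problems
    return None, [f"{ip} is not in any pfSense segment"]

def next_hop(ip, netmask, gateway, dest):
    """Where the client sends a packet for dest: 'on-link' (ARP, no router) or its gateway."""
    client = ipaddress.ip_interface(f"{ip}/{netmask}")
    return "on-link" if ipaddress.ip_address(dest) in client.network else gateway

if __name__ == "__main__":
    # Constructed sample clients: one correct, one with a /16 mask, one with the wrong gateway.
    samples = [
        ("172.28.8.20",  "255.255.255.0", "172.28.8.1"),
        ("172.28.10.50", "255.255.0.0",   "172.28.10.1"),
        ("172.28.11.9",  "255.255.254.0", "172.28.8.1"),
    ]
    for ip, mask, gw in samples:
        seg, problems = check_client(ip, mask, gw)
        hop = next_hop(ip, mask, gw, "172.28.12.5")
        print(f"{ip} [{seg}] -> 172.28.12.5 via {hop}: {problems or 'ok'}")
```

A client with too wide a mask treats the other segments as on-link and never hands the packet to pfSense, so the firewall rules are not reached at all.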