1. Home
  2. pfSense® Software
  3. Firewalling
  4. Don't have a clue

Don't have a clue

  • O

    Hi I am trying to accomplish this kind of setup

    router (pfsense) 3 NICS ( WAN, LAN1, LAN2)
        |  |
        |  |
    LAN1  LAN2

    LAN1 would be in 14.0 subnet and LAN2 would be using 16.0 subnet. How do I setup pfsense so that both network can cumminicate. I added LAN2 in the OPT1. I can ping the 16.0 subnet from server to workstation  but I can't ping the server from my workstation it states request timedout.  The 14 subnet is working fine. Please help me with this.

    Thank you in advance

    0
  • Cry Havok

    Create rules on each LAN interface allowing traffic TO the other LAN subnet.

    0
  • O

    I already created a rule that would allow any from 1 subnet to the other. I still get the same result.

    0
  • C

    Do you have a route setup either static or dynamic between the two subnets.
    You can setup a static route or enable RIP so that it can build you a dynamic route.

    0
  • H

    You don't need routes for subnets that are connected directly to the pfSense. This is a firewallrule issue as pinging works one way so the routing must be ok. Make sure you have selected any protocol in your firewallrules and not just tcp (what is the default when adding a new rule) if you want it to be completely transparent/unfirewalled. If that doesn't help please show us the rules that you put on LAN1 and LAN2.

    0
  • GruensFroeschli

    also if you want that your second LAN has access to the internet you need to create an Advanced Outbound NAT rule that NAT's your second LAN.
    (search the forum on how to)

    0
  • H

    @GruensFroeschli:

    also if you want that your second LAN has access to the internet you need to create an Advanced Outbound NAT rule that NAT's your second LAN.
    (search the forum on how to)

    Actually you don't. It does NAT automatically on each interface that has a gateway set (WAN) and as the LAN2-Traffic is leaving through WAN as well you don't need to change anything regarding outbound NAT.

    0
  • GruensFroeschli

    Is that a new feature?
    Or does it just not apply for OpenVPN?

    I remember i had to set AoN rules for each additional subnet.

    Or does it just add all LAN's automatically that have as Gateway WAN? (only "real" interfaces)

    0
  • H

    The OpenVPN network is not part of one of the real pfsense interfaces and that's why it doesn't automatically generate outbound nat rules for it but for real interface subnets pfSense does that in the background. However once you enable advanced outbound nat you have to specify nat rules for everything unless you do an "any subnet going out to wan" outbound nat rule.

    0
  • GruensFroeschli

    Cool
    Maybe i just got used to have to create all AoN rules myself since i use OpenVPN on almost every pfSense i have in action :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy