Don't have a clue
-
Hi I am trying to accomplish this kind of setup
router (pfsense) 3 NICS ( WAN, LAN1, LAN2)
| |
| |
LAN1 LAN2LAN1 would be in 14.0 subnet and LAN2 would be using 16.0 subnet. How do I setup pfsense so that both network can cumminicate. I added LAN2 in the OPT1. I can ping the 16.0 subnet from server to workstation but I can't ping the server from my workstation it states request timedout. The 14 subnet is working fine. Please help me with this.
Thank you in advance
-
Create rules on each LAN interface allowing traffic TO the other LAN subnet.
-
I already created a rule that would allow any from 1 subnet to the other. I still get the same result.
-
Do you have a route setup either static or dynamic between the two subnets.
You can setup a static route or enable RIP so that it can build you a dynamic route. -
You don't need routes for subnets that are connected directly to the pfSense. This is a firewallrule issue as pinging works one way so the routing must be ok. Make sure you have selected any protocol in your firewallrules and not just tcp (what is the default when adding a new rule) if you want it to be completely transparent/unfirewalled. If that doesn't help please show us the rules that you put on LAN1 and LAN2.
-
also if you want that your second LAN has access to the internet you need to create an Advanced Outbound NAT rule that NAT's your second LAN.
(search the forum on how to) -
also if you want that your second LAN has access to the internet you need to create an Advanced Outbound NAT rule that NAT's your second LAN.
(search the forum on how to)Actually you don't. It does NAT automatically on each interface that has a gateway set (WAN) and as the LAN2-Traffic is leaving through WAN as well you don't need to change anything regarding outbound NAT.
-
Is that a new feature?
Or does it just not apply for OpenVPN?I remember i had to set AoN rules for each additional subnet.
Or does it just add all LAN's automatically that have as Gateway WAN? (only "real" interfaces)
-
The OpenVPN network is not part of one of the real pfsense interfaces and that's why it doesn't automatically generate outbound nat rules for it but for real interface subnets pfSense does that in the background. However once you enable advanced outbound nat you have to specify nat rules for everything unless you do an "any subnet going out to wan" outbound nat rule.
-
Cool
Maybe i just got used to have to create all AoN rules myself since i use OpenVPN on almost every pfSense i have in action :)
