Netgate Discussion Forum

    Don't have a clue

    Firewalling

    • oliverkazaam41

      Hi, I am trying to accomplish this kind of setup:

      router (pfSense), 3 NICs (WAN, LAN1, LAN2)
          |  |
          |  |
      LAN1  LAN2

      LAN1 would be in the 14.0 subnet and LAN2 would be using the 16.0 subnet. How do I set up pfSense so that both networks can communicate? I added LAN2 in OPT1. I can ping the 16.0 subnet from server to workstation, but I can't ping the server from my workstation; it states request timed out. The 14 subnet is working fine. Please help me with this.

      Thank you in advance

      • Cry Havok

        Create rules on each LAN interface allowing traffic TO the other LAN subnet.

        • oliverkazaam41

          I already created a rule that would allow any from 1 subnet to the other. I still get the same result.

          • cybrsrfr

            Do you have a route set up, either static or dynamic, between the two subnets?
            You can set up a static route or enable RIP so that it can build you a dynamic route.

            • hoba

              You don't need routes for subnets that are connected directly to the pfSense. This is a firewall rule issue: as pinging works one way, the routing must be OK. Make sure you have selected any protocol in your firewall rules and not just TCP (which is the default when adding a new rule) if you want it to be completely transparent/unfirewalled. If that doesn't help, please show us the rules that you put on LAN1 and LAN2.

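Added example, not part of the thread and not pfSense's own code: a small checker for the point made in the reply above, that a pass rule left at the TCP default does not cover ping (ICMP). It assumes the `<filter><rule>` layout of a pfSense `config.xml` in which a rule with no `<protocol>` element means "any"; the sample configuration and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml <filter> section.
# Assumption: a rule without a <protocol> element applies to any protocol.
SAMPLE_CONFIG = """
<pfsense>
  <filter>
    <rule>
      <type>pass</type><interface>lan</interface><protocol>tcp</protocol>
      <source><network>lan</network></source>
      <destination><network>opt1</network></destination>
    </rule>
    <rule>
      <type>pass</type><interface>opt1</interface>
      <source><network>opt1</network></source>
      <destination><network>lan</network></destination>
    </rule>
  </filter>
</pfsense>
"""

def endpoint(rule, tag):
    """Return the network alias of a rule's source/destination, or 'any'."""
    node = rule.find(tag)
    if node is None or node.find("any") is not None:
        return "any"
    return node.findtext("network") or node.findtext("address") or "any"

def ping_allowed(config_xml, in_iface, dst_net):
    """First-match check: does a rule on the ingress interface pass ICMP to dst_net?"""
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("interface") != in_iface or rule.find("disabled") is not None:
            continue  # rules are evaluated on the interface the packet enters
        if endpoint(rule, "source") not in ("any", in_iface):
            continue  # <network>lan</network> denotes the subnet of interface "lan"
        if endpoint(rule, "destination") not in ("any", dst_net):
            continue
        proto = rule.findtext("protocol")  # None means any protocol
        if proto not in (None, "icmp"):
            continue  # a tcp-only rule never matches an echo request
        return rule.findtext("type") == "pass"
    return False  # nothing matched: default deny

if __name__ == "__main__":
    for src, dst in (("lan", "opt1"), ("opt1", "lan")):
        print(f"ping {src} -> {dst}:", "passed" if ping_allowed(SAMPLE_CONFIG, src, dst) else "blocked")
```

With the sample rules, ping is blocked from LAN1 to LAN2 and passed in the other direction, the same one-way symptom described in the first post.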
              • GruensFroeschli

                Also, if you want your second LAN to have access to the internet, you need to create an Advanced Outbound NAT rule that NATs your second LAN.
                (search the forum on how to)

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                • hoba

                  @GruensFroeschli:

                  Also, if you want your second LAN to have access to the internet, you need to create an Advanced Outbound NAT rule that NATs your second LAN.
                  (search the forum on how to)

                  Actually, you don't. It does NAT automatically on each interface that has a gateway set (WAN), and as the LAN2 traffic is leaving through WAN as well, you don't need to change anything regarding outbound NAT.

                  • GruensFroeschli

                    Is that a new feature?
                    Or does it just not apply for OpenVPN?

                    I remember I had to set AoN rules for each additional subnet.

                    Or does it just automatically add all LANs that have WAN as gateway? (only "real" interfaces)

                    • hoba

                      The OpenVPN network is not part of one of the real pfSense interfaces, and that's why it doesn't automatically generate outbound NAT rules for it, but for real interface subnets pfSense does that in the background. However, once you enable advanced outbound NAT, you have to specify NAT rules for everything unless you do an "any subnet going out to WAN" outbound NAT rule.

                      • GruensFroeschli

                        Cool.
                        Maybe I just got used to having to create all AoN rules myself, since I use OpenVPN on almost every pfSense I have in action :)
