Simple installation but not too much



  • Hello everyone.

    Can you help me? :)

    I have a simple installation
    WAN --- 200.X.X.X
    LAN1 --- 10.X.X.X
    LAN2 --- 192.X.X.X
    From the FIREWALL I can ping to everywhere, but from LAN1 I can't ping to LAN2.
    I created a rule on the LAN1 and the LAN2 NIC, any to any, and it is still not working.
    Previously I tested in VirtualBox and it worked without too much configuration.
    I use two Intel NICs and one Broadcom. Intel i5 processor and 8 GB of RAM, Asus motherboard.
    What am I doing wrong?
    Regards to all and sorry for my English.



  • Post your firewall rules so we can check.
    What is the device in LAN2 that you are trying to ping?
    Some OS have a firewall built-in that by default responds to ping in the local subnet, but not from outside. So you could ping from the firewall LAN2 IP, but not from a device in LAN1, like you describe.



  • Thanks for your time.

    FROM PFSENSE
        --- PING TO INTERNET --- OK
        --- PING TO DESKTOP IN LAN1 --- OK
        --- PING TO SERVER IN LAN2 --- OK

    FROM DESKTOP IN LAN1 TO SERVER IN LAN2 --- DOESN'T WORK

    Rules from LAN1 --- any to any
    Rules from LAN2 --- any to any

    Regards and thanks for your help.



  • What is the operating system on the LAN1 and LAN2 devices?
    Do a packet capture on pfSense LAN1 and then LAN2, looking for the IP address of the LAN1 device and/or the LAN2 device. See what packets appear where. I do suspect that you will see the echo request go through pfSense and out to LAN2, but you will not see any answer arriving back on LAN2 from the LAN2 device.

    Your pfSense topology and rules are so simple and should work as you describe.



    In LAN1 --- DESKTOP O.S. WinXP
    In LAN2 --- SERVER O.S. WINDOWS SERVER 2003

    How can I capture packets in pfSense? I'm a newbie in pfSense :-.

    Thanks for your help. ;D
    Regards



  • Diagnostics->Packet Capture
    Choose interface (LAN1, LAN2…)
    In Host Address put the IP address of one of the clients (on LAN1 or LAN2)
    Press Start

    Do some pings on the client

    Press Stop

    See what it displays.

    But also try turning off all firewalls on Windows Server 2003 - ping might start working and you will know straight away it was that firewall.



    Thanks for everything, Phil

    I will try your suggestion.

    PS: Windows 2003 doesn't have the firewall on.


  • Rebel Alliance Global Moderator

    Can lan1 and lan2 use the internet?

    So running on virtual? Are the lan1 rules the default or did you create them? Do you have any floating rules? So 2k3 has no firewall, not even a 3rd party antivirus/firewall suite?

    Does it have a gateway set to pfsense an IP? Same for your lan1 devices.

    An issue I have seen when users create rules is that they think it's any any, i.e. source is any and dest is any, but they have protocol set to tcp or tcp/udp, which would not allow icmp (ping).
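
The two-interface capture check suggested in the thread, as an added example that is not part of any poster's message: it reads the text of a LAN1 capture and a LAN2 capture and reports the first hop where the ping goes missing. It assumes the captures are in tcpdump's default one-line text format; the function names, addresses and capture lines are constructed for the example.

```python
import re

# Matches tcpdump's one-line ICMP echo output (assumed capture text format).
ICMP_LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply)"
)

def saw(capture, src, dst, kind):
    """True if the capture text holds an ICMP echo `kind` from src to dst."""
    for line in capture.splitlines():
        m = ICMP_LINE.search(line)
        if m and (m["src"], m["dst"], m["kind"]) == (src, dst, kind):
            return True
    return False

def locate_ping_failure(lan1_cap, lan2_cap, client, server):
    """Follow the echo along its path and name the first missing step."""
    if not saw(lan1_cap, client, server, "request"):
        return "request never reached pfSense on LAN1: check client gateway"
    if not saw(lan2_cap, client, server, "request"):
        return ("request not forwarded to LAN2: "
                "check LAN1 rule protocol and floating rules")
    if not saw(lan2_cap, server, client, "reply"):
        return "no reply from server on LAN2: check server firewall and gateway"
    if not saw(lan1_cap, server, client, "reply"):
        return "reply not passed back to LAN1: check pfSense rules"
    return "echo request and reply seen on both interfaces"

# Constructed sample captures; the addresses are made up for this example.
CLIENT, SERVER = "10.0.0.5", "192.168.1.10"
LAN1_CAPTURE = """\
12:00:01.000100 IP 10.0.0.5 > 192.168.1.10: ICMP echo request, id 1, seq 1, length 40
12:00:02.000100 IP 10.0.0.5 > 192.168.1.10: ICMP echo request, id 1, seq 2, length 40
"""
LAN2_CAPTURE = """\
12:00:01.000150 IP 10.0.0.5 > 192.168.1.10: ICMP echo request, id 1, seq 1, length 40
12:00:02.000150 IP 10.0.0.5 > 192.168.1.10: ICMP echo request, id 1, seq 2, length 40
"""

if __name__ == "__main__":
    print(locate_ping_failure(LAN1_CAPTURE, LAN2_CAPTURE, CLIENT, SERVER))
```

With the sample captures the request is visible on both interfaces but no reply ever appears on LAN2, which points at the server rather than at the pfSense rules.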