Weird LAN to LAN issue…



  • In testing about ready to put my pfsense box in, I ran into a weird issue, and I can't figure out if it's a hardware problem, a hardware limitation, or just something I am doing wrong:

    I have dual WANs.

    I have 2 DMZs

    I have 4 LANs.

    The issue is with LAN to LAN routing.

    From LAN1, I can reach LAN2, 3, and 4.

    But I can't reach LAN1 from LAN 2, 3, or 4.

    I have put temp firewall rules in place any any any on all 4 LANs.  Still no-go.

    When I try to ping LAN1's interface from any of the other LANs, I get destination unreachable.

    Thoughts?

    -Alan


  • Post screenshots of your rules. Post screenshots of the interface settings for all those LANs as well.



  • That's a few screenshots…I will get them and post them later (may continue this Monday).

    But for now, a little test:

    From LAN2 (192.168.2.0/24) I can reach the pfsense box's web interface on ANY interface IP (WAN1, WAN2, DMZ1, DMZ2, LAN2, LAN3, LAN4) EXCEPT LAN1.

    -Alan

    PS  Unfortunately, LAN1 was going to be my main one, and I wanted to allow direct access to our Xerox printer from clients on my other LANs…But it seems to be the only one that won't allow other subnets access.



  • When you install pfSense, only WAN and the first LAN get default rules.  All other LAN interfaces (OPT1, OPT2 etc) have nothing at all and no traffic will flow.  Narrow the problem down to just the two LANs and post your LAN rules for LAN2.  Adding an Allow All rule on all extra LANs is required for them to talk.



  • LOL…I know I am stalling....mostly because I don't know how to use GIMP to edit my screenshots (I use Linux exclusively).

    But anyway, instead of even fiddling with the firewall, I went under system advanced and disabled it altogether.

    Still same thing.

    If it was a firewall issue, shouldn't I be getting dropped packets?  I think the "destination host unreachable" is telling in this case...

    -Alan

    -EDIT-  Just FYI this is a pfsense store bought C2758 with 4 port intel add on card.

    ![Screenshot from 2015-07-24 12:45:56.png](/public/imported_attachments/1/Screenshot from 2015-07-24 12:45:56.png)



  • What, exactly, is the unreachable message you're getting? Different types and sources have different potential causes.



  • Never mind…grrrr

    Somehow a "virtual ip" was set on my laptop on the same subnet as LAN1. I saw it when I did a nm-tool command in the terminal.

    I had to delete my network profile and recreate it on my laptop to get rid of it.

    All is well.

    Sorry for the wasted time...I was looking all over pfsense for the problem, and couldn't find it because that isn't where the problem even was!

    -alan
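
The client-side condition found in the last post, as an added example that is not part of the original thread: a stray address in LAN1's subnet on the client makes LAN1 look directly attached, so the client ARPs for it locally instead of sending the packet to pfSense, and the ping fails with "Destination Host Unreachable". The sample `ip -o -4 addr show` output, the 192.168.1.0/24 addressing for LAN1, the interface name and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output from a client on LAN2.
# Addresses are illustrative; 192.168.1.0/24 for LAN1 is an assumption.
SAMPLE_ADDR_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.2.50/24 brd 192.168.2.255 scope global dynamic eth0\\       valid_lft 6000sec preferred_lft 6000sec
2: eth0    inet 192.168.1.77/24 brd 192.168.1.255 scope global eth0\\       valid_lft forever preferred_lft forever
"""

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)", re.MULTILINE)

def local_interfaces(addr_output):
    """Return (ifname, IPv4Interface) for every IPv4 address in the output."""
    return [(name, ipaddress.ip_interface(cidr))
            for name, cidr in ADDR_RE.findall(addr_output)]

def shadowed_targets(addr_output, gateway, targets):
    """Find remote targets that a local address makes look on-link.

    A target outside the gateway's subnet should be sent to the gateway.
    If another local address covers it, the host ARPs for it directly
    instead, and the ping fails locally with "Destination Host Unreachable".
    """
    gw = ipaddress.ip_address(gateway)
    ifaces = local_interfaces(addr_output)
    # Subnets the client legitimately sits in: those containing the gateway.
    home = [i.network for _, i in ifaces if gw in i.network]
    findings = []
    for t in map(ipaddress.ip_address, targets):
        if any(t in net for net in home):
            continue  # genuinely on-link, nothing to route
        for name, iface in ifaces:
            if t in iface.network and not iface.ip.is_loopback:
                findings.append((str(t), name, str(iface)))
    return findings

if __name__ == "__main__":
    for target, ifname, cidr in shadowed_targets(
            SAMPLE_ADDR_OUTPUT, "192.168.2.1",
            ["192.168.1.1", "192.168.3.1", "192.168.2.1"]):
        print(f"{target}: covered by stray {cidr} on {ifname}, "
              "never reaches the gateway")
```

Running a check like this on the client before touching firewall rules separates a local addressing problem from a pfSense one.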