SIMPLE CONFIG



  • Hello, I have a pretty straightforward config; however, I cannot seem to get the routing quite right. When I tracert from LAN 1 back to LAN 2 I time out @ 10.0.0.2. I can, however, tracert back from LAN2 to LAN1. When looking in the logs I see an error:

    516704 rule 84/0(match): block in on nve0: 71.xxx.xxx.xxx.44049 > 10.0.0.1.57137: UDP, length 173

    I really just want any traffic to flow between LAN 1 and LAN 2, as the connection is a dedicated point-to-point connection.

                   LAN2
              206.187.xxx.xxx
                     |
                 |PFSENSE2|---WAN2 71.xxx.xxx.xxx
                     |
                    OPT
                  10.0.0.2
                     |
                     |
                  10.0.0.1
                    WAN1
                     |
                 |PFSENSE1|
                     |
                     |
                    LAN1
              172.17.xxx.xxx



  • Are you having the same physical subnet on multiple interfaces?

    Did you uncheck the "Block private networks" checkbox on the WAN config?

    Do both pfSenses know the routes back?

    Are you aware that you're doing NAT?



  • Did you uncheck the "Block private networks" checkbox on the WAN config? Yes

    Do both pfSenses know the routes back? Not sure

    Are you having the same physical subnet on multiple interfaces? No, each adapter has a different subnet (except the 10.x.x.x)



  • Did you disable NAT from LAN1 to WAN1?
    If not: you have to.
    Otherwise you'll never be able to access anything in the 172.17.x.x range.

    Then add a route on your pfSense2 that points to 10.0.0.1 for the 172.17.x.x range.



  • Did you disable NAT from LAN1 to WAN1? NAT is disabled.

    I do have a route on pfSense2 for 10.0.0.1 that points to 172.17.x.x

    Interface    Network           Gateway
    LAN          172.17.x.x/24     10.0.0.1



  • Set the interface to OPT in the static route.

    What do your rules on the OPT interface look like?
    Are you allowing the 172.17.x.x range?



  • I have two new errors; maybe these will help:

    pf: 3. 465370 rule 77/0(match): block in on nve0: fe80::20a:95ff:fed7:3622 > ff02::2: ICMP6, router solicitation, length 16

    pf: 1. 668777 rule 77/0(match): block in on nve0: 71.x.x.x.16013 > 10.0.0.1.55558: UDP, length 173

    The 71.x is the WAN interface on the PFSENSE2 Box that is not plugged in at this time.



  • As dumb as it sounds: are you sure that you plugged in the right interface?



  • LOL - yep, I can traverse the two networks using VNC and even copy data up from LAN2 to LAN1. I just cannot seem to come back from LAN1 to LAN2. It just keeps sending packets to the WAN interface for some reason instead of from OPT to the LAN.



  • That's why I ask.
    If OPT isn't plugged in, and you plugged your WAN on pfSense2 instead, you should be able to access LAN1 from LAN2.
    But since you have a block rule on WAN2 you never can access LAN2 from LAN1.
    Another thing that points to this is that you cannot ping 10.0.0.2 (your trace before).

    Maybe just swap the cable on the interfaces as a test :)

    If that doesn't work: What rules do you have on the OPT1 interface?
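Added example, not from any poster in this thread: a small Python parser for the pf log lines quoted above, plus a check that classifies each inbound block on the point-to-point interface the way the diagnosis in the reply above does (a reply arriving from the peer's WAN2 address rather than from its OPT address 10.0.0.2 means the peer is sending via WAN instead of OPT). The sample log is constructed from the quoted lines; the interface name, addresses and the "71." prefix passed to diagnose() are assumptions taken from the thread.

```python
import re
from collections import namedtuple

# Constructed sample: the three pf log lines quoted in the thread, addresses masked (x) as posted.
SAMPLE_LOG = """\
pf: 3. 465370 rule 77/0(match): block in on nve0: fe80::20a:95ff:fed7:3622 > ff02::2: ICMP6, router solicitation, length 16
pf: 1. 668777 rule 77/0(match): block in on nve0: 71.x.x.x.16013 > 10.0.0.1.55558: UDP, length 173
pf: 2. 516704 rule 84/0(match): block in on nve0: 71.xxx.xxx.xxx.44049 > 10.0.0.1.57137: UDP, length 173
"""

# pf log shape: "rule N/M(match): ACTION DIR on IFACE: SRC > DST: PROTO, ..."
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>pass|block) (?P<dir>in|out) on "
    r"(?P<iface>\w+): (?P<src>\S+) > (?P<dst>\S+?): (?P<proto>[A-Z0-9]+)"
)
PfEntry = namedtuple("PfEntry", "rule action direction iface src sport dst dport proto")

def split_host_port(ep):
    """pf appends the port with a dot: '10.0.0.1.55558' -> ('10.0.0.1', 55558).
    IPv6 and portless (ICMP) endpoints come back with port None."""
    if ":" in ep or ep.count(".") < 4:
        return ep, None
    host, port = ep.rsplit(".", 1)
    return (host, int(port)) if port.isdigit() else (ep, None)

def parse_pf_log(text):
    entries = []
    for m in (LINE_RE.search(line) for line in text.splitlines()):
        if m:
            src, sport = split_host_port(m["src"])
            dst, dport = split_host_port(m["dst"])
            entries.append(PfEntry(int(m["rule"]), m["action"], m["dir"], m["iface"],
                                   src, sport, dst, dport, m["proto"]))
    return entries

def diagnose(entries, p2p_local, p2p_peer, peer_wan_prefix, p2p_iface):
    """Classify inbound blocks on our point-to-point NIC. Parameters are assumed:
    our P2P address, the peer's P2P address, the peer's WAN prefix, our P2P NIC."""
    findings = []
    for e in entries:
        if e.action != "block" or e.direction != "in" or e.iface != p2p_iface:
            continue
        if e.proto == "ICMP6" and e.dst.startswith("ff02::"):
            findings.append((e.rule, "ipv6-link-local-noise"))         # RS/NS chatter
        elif e.dst == p2p_local and e.src.startswith(peer_wan_prefix):
            findings.append((e.rule, "peer-sending-via-wan-not-opt"))  # the thread's symptom
        elif e.dst == p2p_local and e.src == p2p_peer:
            findings.append((e.rule, "p2p-peer-blocked-by-rules"))     # check OPT/WAN rules
    return findings
```

Run diagnose() over the entries parsed from the firewall log of the box that owns 10.0.0.1; a "peer-sending-via-wan-not-opt" finding points at the static route's interface or the cabling, a "p2p-peer-blocked-by-rules" finding at the OPT/WAN rule set.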



  • I'll give it a try and see what happens.

