    My setup is pretty basic, pfSense is running for 5 days now. All basic tasks are up and running fine. I’ve connected:  WAN > Internet (fibre), LAN > LAN, OPT1 > Internet (cable). Then i came up with the idea to connect OPT2 to another LAN(2) just for fiddling around with a little bit of routing.

    Further setup: LAN1 NIC is configurated with connects to a managed L2 switch, which connects to all the hosts, 2 mediaservers, 2 wifi-accesspoints and all other shit that needs to be able to go online. All in the same net, so nothing fancy. DHCP is setup on pf to hand out 10 adresses which is enough in my environment.

    LAN2 is configured with netmask , space for 62 hosts. The NIC in pf is configured with as adress, DHCP is set on pf to hand out to 20. The NIC is directly connected to the switch-side of old wifi-router with WAN disabled, so it’s basicly a switch with wifi accespoint and configured with ip

    The WANs are put in gateway groups for failover and loadbalancing, which i didn’t test yet, becouse that’s not the problem. Internet is reachable from both LANs.

    Firewall: WANs: both have 2 rules block private and bogon networks. LAN1: from top to bottom: Anti-Lockout, Loadbalance, failover1, failover2, default LAN to any ipv4, default LAN to any ipv6. LAN2:  , default LAN to any ipv4, default LAN to any ipv6.

    As you can see, all is setup basic and simple so there is nothing fancy here.

    The problem is basic routing from LAN1 to LAN2 and LAN2 to LAN1. The more i read the more confusing it gets, so a little push in the right direction would be appreciated.
    What’s confusing me: When a connect a host on LAN2 i can ping pfsense, all routers, the mediaservers etc. even the logon-screen of pfsense works like a charm on LAN2. Somehow they “know” the route.
    But when i ping a host from LAN2 to LAN1 connection timed out, no ping. I think that’s not strange becouse there is no gateway(s) nor route(s) to do that. Well, let’s setup the gateway. But when i go to the gateway-tab on pfsense, it’s warning me about not to setup gateways on NICs directly attached to pfsense nor setup routes for destinations directly attached to pfsense.
    Ok, i understand that. Confusing to me is how to setup the gateway for LAN2? And what about the gateway back to LAN1? Also confusing is that servers know the way and hosts don’t.
    This post comes closest: but where is that gateway to configure in my situation??

  • I added 2 rules to the firewall: Allow all from LAN1 to LAN2, and allow all from LAN2 to LAN1. That didn't help. it doesn't make sense because this seems to be covered in the allow all to all rule. Also i checked if the option block private networks is unchecked at the interfaces, both are unchecked.
    Still hosts can not talk to eachother and i'm a little stuck here.

  • no gateways involved in routing directly attached networks. it (should) work out of the box.

    are the clients configured correctly? firewalls on the clients? have the correct gateway filled in ?

  • I was really sure having all the right setting checked over and over again. then i narrowed the problem down to a faulty router at LAN2 (just doesn't respond to ping outside of LAN2) and 2 workstations running Windows 8.1 and 10. You would not believe replying to ICMP Echo Requests had been disabled in the default firewall policy  ??? So, problem solved.

