Netgate Discussion Forum

    Layer 3 connectivity problem

    General pfSense Questions
    • darthfoolish

      Can't see a specific forum that this question would better fit into, so General it is!

      So, I've had pfSense working well on a WatchGuard Firebox X550e for the past 3 months, using a BT HomeHub 5 as my wireless AP.

      I wanted to add a second isolated WLAN to use as a Guest and IOT network, so I've wired up a second spare SOHO router (Buffalo WHR-HP-G54 running Tomato firmware) to a spare NIC on the pfSense box, sk1.

      I've set up the sk1 interface in pfSense, given it 10.0.0.1/24, and a DHCP scope set up to give out 10.0.0.10-10.0.0.254 from this interface. The Buffalo AP is on 10.0.0.2/24.

      When I connect my laptop to the new AP, it receives a DHCP address from pfSense (definitely from here, DHCP server is disabled on the Buffalo)

      From the laptop (10.0.0.10), I can ping the Buffalo AP (10.0.0.2), but I cannot ping pfSense (10.0.0.1)

      SSH'ed into the Buffalo, I can ping the laptop (10.0.0.10), but I cannot ping pfSense (10.0.0.1)

      However, SSH'ed into pfSense, I CAN ping 10.0.0.2.

      And it's not just ICMP that doesn't work, I can't get any L3 traffic to work.

      There are no Firewall rules in place that would cause this.

      The Buffalo AP has a physical switch that switches between "Auto" and "BRI" (Bridge)

      I have tried both positions, but think it should be on BRI

      So it seems that the crux of the problem is that the Buffalo AP cannot ping pfSense.

      Any ideas why this would be?

      • darthfoolish

        Could it be that there are no firewall rules explicitly allowing traffic?

        I don't remember having to set up rules to allow the traffic from the original AP through to pfSense.

        • johnpoz LAYER 8 Global Moderator

          "to a spare NIC on the pfSense box"

          Unlike the default LAN network that is created when you install pfSense, with any any as default, when you bring up new interfaces opt1, opt2, optx, they have NO rules and everything would be blocked other than DHCP, which is a hidden rule when you enable the DHCP server.

          You have to create rules on your network.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
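
          The behaviour described in this answer, as an added example that is not part of the thread or of pfSense's own code: a small Python model of first-match rule evaluation on one interface, with the hidden DHCP rule and the implicit default deny. The `Rule` and `evaluate` names, the guest rule set and the 192.168.0.0/16 LAN range are assumptions for illustration, and the hidden DHCP rule is simplified to UDP port 67.

          ```python
          import ipaddress
          from dataclasses import dataclass
          from typing import Optional

          @dataclass(frozen=True)
          class Rule:
              action: str                  # "pass" or "block"
              proto: str                   # "icmp", "udp", "tcp" or "any"
              src: str                     # source network in CIDR form
              dst: str                     # destination network in CIDR form
              dport: Optional[int] = None  # None matches any port
              note: str = ""

              def matches(self, proto, src, dst, dport):
                  return (self.proto in ("any", proto)
                          and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                          and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                          and (self.dport is None or self.dport == dport))

          # Simplified stand-in for the hidden rule that exists once the DHCP server is enabled.
          DHCP_HIDDEN = Rule("pass", "udp", "0.0.0.0/0", "0.0.0.0/0", 67, "hidden DHCP rule")

          def evaluate(user_rules, proto, src, dst, dport=None, dhcp_enabled=True):
              """Return (action, reason) for a packet arriving inbound on the interface."""
              rules = ([DHCP_HIDDEN] if dhcp_enabled else []) + list(user_rules)
              for rule in rules:                       # first matching rule decides
                  if rule.matches(proto, src, dst, dport):
                      return rule.action, rule.note
              return "block", "implicit default deny"  # nothing matched

          # Constructed rule sets using the thread's addressing (sk1 = 10.0.0.1/24).
          # The LAN range 192.168.0.0/16 is an assumption; the thread does not state it.
          NEW_OPT_RULES = []  # a freshly added OPT interface has no user rules
          GUEST_RULES = [
              Rule("pass", "icmp", "10.0.0.0/24", "10.0.0.1/32", note="ping the gateway"),
              Rule("pass", "udp", "10.0.0.0/24", "10.0.0.1/32", 53, "DNS to pfSense"),
              Rule("block", "any", "10.0.0.0/24", "10.0.0.1/32", note="no other access to the firewall"),
              Rule("block", "any", "10.0.0.0/24", "192.168.0.0/16", note="keep guests off the LAN"),
              Rule("pass", "any", "10.0.0.0/24", "0.0.0.0/0", note="everything else (internet)"),
          ]
          ```

          With `NEW_OPT_RULES` the laptop's ping to 10.0.0.1 falls through to the default deny while the DHCP request still passes, which matches the symptoms in the first post. The laptop-to-AP ping never crosses pfSense (same layer 2 segment), and pings sent from pfSense itself are not inbound traffic on sk1, so neither is subject to these rules.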

          • darthfoolish

            Well, that would explain it all then

            Facepalm

            What a waste of an evening!!!

            Thanks

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.