Layer 3 connectivity problem

  • Can't see a specific forum that this question would better fit into, so General it is!

    So, I've had pfSense working well on a watchguard firebox x550e for the past 3 months, using a BT HomeHub 5 as my wireless AP.

    I wanted to add a second isolated WLAN to use as a Guest and IOT network, so I've wired up a second spare SOHO Router (Buffalo WHR-HP-G54 running Tomato firmware) to a spare NIC on the pfSense box, sk1

    I've set up the sk1 interface in pfSense, given it, and a DHCP scope setup to give out from this interface. The Buffalo AP is on

    When I connect my laptop to the new AP, it receives a DHCP address from pfSense (definitely from here, DHCP server is disabled on the Buffalo)

    From the laptop (, I can ping the Buffalo AP (, but I cannot ping pfSense (

    SSH'ed into the Buffalo, I can ping the laptop (, but I cannot ping pfSense (

    However, SSH'ed into pfSense, I CAN ping

    And it's not just ICMP that doesn't work, I can't get any L3 traffic to work.

    There are no Firewall rules in place that would cause this.

    The Buffalo AP has a physical switch that switches between "Auto" and "BRI" (Bridge)

    I have tried both positions, but think it should be on BRI

    So it seems that the crux of the problem is that the Buffalo AP cannot ping pfSense.

    Any ideas why this would be?

  • Could it be that there are no firewall rules explicitly allowing traffic?

    I don't remember having to set up rules to allow the traffic from the original AP though to pfSense.

  • LAYER 8 Global Moderator

    "to a spare NIC on the pfSense box"

    Unlike the default lan network that is created when you install pfsense with any any as default, when you bring up new interfaces opt1, opt2, optx they have NO rules and everything would be blocked other than dhcp that is a hidden rule when you enable dhcp server.

    You have to create rules on your network..

  • Well, that would explain it all then


    What a waste of an evening!!!


Log in to reply