EXCHANGE ACCESS ISSUE ON LAN


  • LAYER 8

    HI

    I have a network which is 10.7.20.0/22, and all my printers, WD Network Drive and exchange servers have been given static IPs between 10.7.20.10 - 10.7.20.100.
    I have a LAN and three WANs for internet and backup.
    While on my LAN I can't access the exchange server and ping it; at the same time I can't print on the network printers or connect to one of the NAS devices, which is a WD.
    I have tried adding rules as attached but it didn't work.
    Secondly, all the network connects to a switch, then to the pfSense firewall, then to the internet, but the switch is not configurable and I don't have a DMZ for servers.
    Kindly help me, because mail and printing are an issue here. It's my third week on pfSense and I tried using the basics but it didn't work for me.
    Attached are the LAN rules put on the LAN Interface



  • Judging from the rules you've posted, you've given the source for your rules to your Mail, Printing, browsing, etc. as the LAN interface address, not the LAN network. I'm not sure what to make of the other rules, given I don't know your layout (what is your LAN address range, etc).



  • If all of your devices are connected on the same network (based on your very incomplete description) the traffic from device to device never traverses the pfSense system and your rules never apply. In that case your problem is DNS resolution and the DNS names are not resolving to the local addresses on the LAN. Take a look at the DNS resolver settings at Services->DNS Resolver.



  • Sounds like either a DNS issue or you're wrongly subnetting your LAN devices. If your servers are on the same network as your clients, you don't need firewall rules as the traffic will never reach the firewall, as KPA says.

    If there's something you're not telling us - and I suspect there is - the best thing would be to post a network diagram, complete with LAN/WAN addresses and network masks.


  • LAYER 8 Global Moderator

    Yes having a mask saying they are on a /24 when you have setup a /22 would be a problem for sure…  Why are you using a /22 in the first place would be my question.  Do you have 1000 some devices that you want all on the same layer 2?
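The mask mismatch raised in the replies above can be checked from an address inventory. The following is an added example, not part of the thread: it uses the 10.7.20.0/22 LAN from the first post, while the host names, the addresses and the /24 left on the exchange server are constructed assumptions. It reports which host pairs talk directly through the switch (so pfSense rules never apply) and which pairs are asymmetric because one side sends to its gateway instead.

```python
import ipaddress

LAN = ipaddress.ip_network("10.7.20.0/22")   # LAN from the first post

# Constructed inventory: address/prefix as configured on each device.
HOSTS = {
    "exchange": "10.7.20.10/24",   # assumed mistake: /24 left on a static host
    "printer":  "10.7.20.40/22",
    "client-a": "10.7.21.15/22",   # client elsewhere in the /22
    "client-b": "10.7.20.200/22",
}

def on_link(src_cfg, dst_ip):
    """True if the source host ARPs for dst directly instead of using its gateway."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_cfg).network

def mask_mismatches(hosts, lan):
    """Hosts whose configured network differs from the intended LAN."""
    return sorted(n for n, cfg in hosts.items()
                  if ipaddress.ip_interface(cfg).network != lan)

def path_report(hosts):
    """Classify each unordered host pair by how the two directions are delivered."""
    names = sorted(hosts)
    report = {}
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            a_ip = ipaddress.ip_interface(hosts[a]).ip
            b_ip = ipaddress.ip_interface(hosts[b]).ip
            fwd = on_link(hosts[a], b_ip)
            rev = on_link(hosts[b], a_ip)
            if fwd and rev:
                report[(a, b)] = "direct"       # switch only, firewall never sees it
            elif fwd or rev:
                report[(a, b)] = "asymmetric"   # one direction is sent to the gateway
            else:
                report[(a, b)] = "routed"       # both sides use their gateway
    return report

if __name__ == "__main__":
    print("mask mismatches:", mask_mismatches(HOSTS, LAN))
    for pair, kind in path_report(HOSTS).items():
        print(pair, kind)
```
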


  • LAYER 8 Global Moderator

    If you at some time have close to 1000 devices then sure, /22 would be a good size..  But keep in mind they are all on the same broadcast domain…  800 machines all sending broadcasts on the same network can be noisy...

    If most of these are wifi users you might be better off using multiple segments for different areas of your network so that you have fewer nodes on each broadcast domain (layer 2).

    I find it hard to fathom that you could have anywhere near that many clients on a specific AP?  Do these clients have any need to be able to broadcast and find any of the other 500 users' devices?  Then there is really no reason to put them on the same network..

    Even when wired, it's better to have multiple network segments, be they physical or VLANs, to reduce the number of devices on each layer 2/broadcast domain and also to allow for security between networks.  You might put all your printers for example on 1 segment, depending on rules of servers they might be in a production network, or a DMZ network that has firewalled connectivity between them, etc. etc..

    Having 1 flat large network is not a good idea from multiple aspects, be it noise or security or just plain management of IP addresses.

