Blocking LAN to LAN traffic
-
Hello!
I have a LAN network 172.16.0.0/22
Jabber server on 172.16.0.220 (I can connect with any 172.16.0.x addresses)
Client computer 172.16.2.38 is blocked by the firewall with these messages:
if: LAN Source: 172.16.0.220:5222 Destination: 172.16.2.38:5XXXX Proto TCP:SA
I found some solutions in Google that have been tested:
adding "fly" Bypass firewall rules for traffic on the same interface (https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules#Gateway_not_set_when_it_should_be_set)
Automatic, manual... It did not help me. Any ideas? Thanks!
I'm using pfSense 2.1.5 amd64
-
Your LAN network has range 172.16.0.0 to 172.16.3.255, if your netmask is set to /22. Therefore your client computer on 172.16.2.38 is within your LAN so you don't need a firewall rule to pass traffic to another local machine. In fact, your internal routing won't pass traffic to your firewall at all, if the description of your set up is correct. Or is there something else you're not mentioning?
-
It is all this way, the mask is 22; I do not understand why it blocks.
Here's another thought … the structure is as follows: Proxmox: (kvm:pfsense215+openvz:openfire jabber). Maybe it imposes some features? On the virtualization system the interfaces are configured correctly, the mask is followed.
-
That traffic does not pass through the firewall at all. Check all your netmasks and gateways. Everything needs to be /22. Check DHCP server, etc.
-
Thanks for the answers! The problem was that the mask was not changed on the virtualization host - it had not been restarted after the network setup … Now the blocks have disappeared on the gateway.
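
The mask mismatch resolved above can be checked from an address inventory. The following is an added example, not part of the thread: it flags host pairs where one side treats the other as on-link while the reply goes via the gateway, which is why the firewall logged only the TCP:SA reply. The stale /24 mask on the Jabber side, the `peer` host and the gateway address 172.16.0.1 are assumptions constructed for illustration.

```python
import ipaddress
from itertools import permutations

def next_hop(src_ip, src_prefix, dst_ip, gateway):
    """Return 'direct' if dst is on-link per the sender's own mask, else the gateway."""
    net = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    return "direct" if ipaddress.ip_address(dst_ip) in net else gateway

def asymmetric_pairs(hosts, gateway):
    """List (a, b, hop): a reaches b directly, but b replies to a via the gateway."""
    findings = []
    for (a, (a_ip, a_pfx)), (b, (b_ip, b_pfx)) in permutations(hosts.items(), 2):
        fwd = next_hop(a_ip, a_pfx, b_ip, gateway)
        rev = next_hop(b_ip, b_pfx, a_ip, gateway)
        if fwd == "direct" and rev != "direct":
            findings.append((a, b, rev))
    return findings

# Constructed inventory: addresses of client and jabber are from the thread,
# the /24 on the Jabber side, the "peer" host and the gateway are assumed.
GATEWAY = "172.16.0.1"
BROKEN = {
    "client": ("172.16.2.38", 22),
    "jabber": ("172.16.0.220", 24),   # stale mask, assumed
    "peer":   ("172.16.0.50", 22),
}
FIXED = {name: (ip, 22) for name, (ip, _) in BROKEN.items()}

if __name__ == "__main__":
    for a, b, hop in asymmetric_pairs(BROKEN, GATEWAY):
        # The firewall never sees the SYN from a, only the SYN-ACK from b,
        # so it has no state for the connection and blocks the reply.
        print(f"{a} -> {b} is on-link, but {b} -> {a} goes via {hop}")
    print("after fix:", asymmetric_pairs(FIXED, GATEWAY))
```
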