Hello all,
I am setting up a pfSense box in my home network and have LAN1 on 10.20.1.0/24 and LAN2 on 10.20.3.0/24. Computer A is on LAN1 (1.30), Computer B is on LAN2 (3.4), Computer C is on LAN1 (1.10) and is the file server/AD server, and Computer D is on LAN1 (1.11) and is the media server.
Computers A and B can both ping each other's DHCP server (10.20.1.1 and 10.20.3.1) but not each other.
At one point, without changing anything (I think), A and B were able to ping each other, but B was not able to ping C or D or vice versa, even though they are on the same network as A and have no firewalls enabled.
Now, after sitting without any changes on the pfSense box, computers A, C and D can all ping computer B, and B can ping A, C and D. However, when I try to access the camera on computer C (port 8080) it times out, and I can no longer ping from B to C until I initiate a ping FROM C to B…
They are able to talk for a while, then it times out. Not sure if it’s anything like a protection rule / feature, or just that the box I used isn’t powerful enough and can’t handle the request.
Hardware is
Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
4 CPUs: 1 package(s) x 4 core(s)
8 GB RAM
And has that helped? Keep in mind that what may be causing it to work and then suddenly not work is having existing entries in the state table that continue to allow traffic even after changing the rule responsible for allowing it. So I would recommend clearing your state table every time you make changes to your firewall rules, just to be sure you're seeing an accurate representation of their ability to communicate. That's under Diagnostics->States->Reset States.
Looking at your firewall rules, there are a lot of issues with them. On your LAN you have an allow rule from (vpn_pc) to anything via a gateway. All your traffic appears to be matching that rule and never moving on to the next rule of blocks. You should really start from scratch and delete all rules under your LANs and create one rule that says Allow ALL to ALL. Then place anything you want blocked ABOVE that rule. That is a good starting point.
Secondly, if you are using a switch to connect multiple LAN segments to your multiple pfSense LAN ports (physical NIC ports) you will have problems. A switch typically has 1 trunk port. You are asking your switch to carry multiple LAN segments across the switch. I’d recommend using VLANs and a smart switch that supports VLANs.
It’s a complex issue to troubleshoot without physical access. I would recommend collecting more diagnostic information using traceroute to see how the packet is traveling, and looking at the firewall logs to see if the packet is being denied there or if it's happening on the guest computer’s local firewall.
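The rule-ordering point in the reply above (pfSense evaluates interface rules top-down, first match wins, so blocks go above a final allow-all) as an added Python model; this is not code from the thread or from pfSense, and the rule contents, the "via gateway" pass rule at the top, and the port 8080 block are constructed assumptions using the poster's subnets:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str            # "pass" or "block"
    src: str               # CIDR, or "any"
    dst: str               # CIDR, or "any"
    dport: Optional[int]   # None = any destination port
    note: str = ""

def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)

def matches(rule, src_ip, dst_ip, dport):
    return (ipaddress.ip_address(src_ip) in _net(rule.src)
            and ipaddress.ip_address(dst_ip) in _net(rule.dst)
            and (rule.dport is None or rule.dport == dport))

def decide(rules, src_ip, dst_ip, dport):
    """First matching rule wins; no match falls through to the implicit default deny."""
    for r in rules:
        if matches(r, src_ip, dst_ip, dport):
            return r.action, r.note
    return "block", "implicit default deny"

def shadowed(rules):
    """Notes of rules that can never fire: an earlier rule already covers every packet they would."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                out.append(later.note)
                break
    return out

# Constructed LAN1 ruleset in the shape the reply criticises: a broad pass rule
# on top, so the block underneath is dead.
BAD = [
    Rule("pass", "10.20.1.0/24", "any", None, "LAN1 pass all via gateway"),
    Rule("block", "10.20.1.0/24", "10.20.3.0/24", 8080, "block LAN1->LAN2 port 8080"),
]
# Ordering the reply recommends: specific blocks above, allow-all last.
GOOD = [
    Rule("block", "10.20.1.0/24", "10.20.3.0/24", 8080, "block LAN1->LAN2 port 8080"),
    Rule("pass", "10.20.1.0/24", "any", None, "LAN1 pass all"),
]
```

Running `shadowed(BAD)` flags the block rule as unreachable, while the same two rules in the GOOD order both take effect.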