Pfsense LAN1 LAN2 issues


#1

Hello all,
I am setting up a pfSense box in my home network and have LAN1 on 10.20.1.0/24 and LAN2 on 10.20.3.0/24. Computer A is on LAN1 (1.30), Computer B is on LAN2 (3.4), Computer C is on LAN1 (1.10) and is the fileserver/AD server, and Computer D is on LAN1 (1.11) and is the media server.

Computer A and B can both ping each other's DHCP server (10.20.1.1 and 10.20.3.1) but not each other.

At one point, without changing anything (I think), A and B were able to ping each other, but B was not able to ping C or D or vice versa, even though they are on the same network as A and have no firewalls enabled.

Any suggestions?


#2

Now, after sitting without any changes on the pfSense box, the A, C and D computers can all ping the B computer, and B can ping A, C and D. However, when I try to access the camera on computer C (port 8080) it times out and I can no longer ping from B to C, until I initiate a ping FROM C to B…

My head hurts…


#3

Are these assigned to VLANs or actual ports?


#4

Actual ports, all wise and knowing one :smiley:


#5

Just to be clear, you want them to be able to talk across LANs, or not to talk across LANs?


#6

I want them to talk for now, just like a regular switch and network but with two separate IP ranges.


#7

I see in your firewall rules you have rules to allow traffic out to the other LAN, but no rules to allow traffic in from the other LAN.


#8

They are able to talk for a while, then it times out. Not sure if it's anything like a protection rule / feature, or just that the box I used isn't powerful enough and can't handle the requests.

Hardware is
Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
4 CPUs: 1 package(s) x 4 core(s)
8 GB RAM

Computer is an old Dell XPS420


#9

Added rules LAN2 to LAN under LAN, and the reverse under LAN2.


#10

And has that helped? Keep in mind what may be causing it to work and then suddenly not work is having existing entries in the state table that continue to allow traffic even after changing the rule responsible for allowing it. So I would recommend clearing your state table every time you make changes to your firewall rules, just to be sure you're seeing an accurate representation of their ability to communicate. That's under Diagnostics->States->Reset States.


#11

Looking at your firewall rules, there are a lot of issues with them. On your LAN you have an allow rule from (vpn_pc) to anything via a gateway. All your traffic appears to be matching that rule and never moving on to the next rule of blocks. You should really start from scratch: delete all rules under your LANs and create one rule that says Allow ALL to ALL. Then anything you want blocked, place ABOVE that rule. That is a good starting point.

Secondly, if you are using a switch to connect multiple LAN segments to your multiple pfSense LAN ports (physical NIC ports) you will have problems. A switch typically has 1 trunk port. You are asking your switch to carry multiple LAN segments across the switch. I'd recommend using VLANs and a smart switch that supports VLANs.
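As an added illustration that is not code from this thread or from pfSense, here is a small Python model of the two points made in #10 and #11: pf evaluates rules top-down with first match winning, and an existing state-table entry is honoured before any rule is consulted. The `Rule`/`Firewall` classes and the three scenarios are constructed here, using the thread's own addresses (B at 10.20.3.4, the camera on C at 10.20.1.10:8080).

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                    # "pass" or "block"
    src: str                       # CIDR or "any"
    dst: str                       # CIDR or "any"
    dport: Optional[int] = None    # None = any destination port
    def matches(self, pkt):
        src, dst, port = pkt
        return ((self.src == "any" or ip_address(src) in ip_network(self.src))
                and (self.dst == "any" or ip_address(dst) in ip_network(self.dst))
                and (self.dport is None or self.dport == port))

@dataclass
class Firewall:
    rules: list
    states: set = field(default_factory=set)   # flows already allowed
    def evaluate(self, pkt):
        # An existing state is honoured before any rule is read (post #10)
        if pkt in self.states:
            return "pass (state)"
        for rule in self.rules:          # first match wins, as in pf
            if rule.matches(pkt):
                if rule.action == "pass":
                    self.states.add(pkt)
                return rule.action
        return "block"                   # implicit default deny
    def reset_states(self):              # Diagnostics -> States -> Reset States
        self.states.clear()

B_TO_C_CAMERA = ("10.20.3.4", "10.20.1.10", 8080)   # constructed sample flow
def shadowed_order():   # broad pass first: the block below it is never consulted
    fw = Firewall([Rule("pass", "any", "any"),
                   Rule("block", "10.20.3.0/24", "10.20.1.10/32", 8080)])
    return fw.evaluate(B_TO_C_CAMERA)
def corrected_order():  # blocks above a final pass-all (post #11)
    fw = Firewall([Rule("block", "10.20.3.0/24", "10.20.1.10/32", 8080),
                   Rule("pass", "any", "any")])
    return fw.evaluate(B_TO_C_CAMERA), fw.evaluate(("10.20.3.4", "10.20.1.10", 445))
def stale_state_demo():
    fw = Firewall([Rule("pass", "any", "any")])
    fw.evaluate(B_TO_C_CAMERA)                 # creates a state
    fw.rules = [Rule("block", "any", "any")]   # policy tightened afterwards
    before = fw.evaluate(B_TO_C_CAMERA)        # still allowed by the old state
    fw.reset_states()
    return before, fw.evaluate(B_TO_C_CAMERA)
```

`shadowed_order()` returns "pass" even though a block for that flow exists below, `corrected_order()` denies only the listed exception, and `stale_state_demo()` shows the flow still passing after the rule change until the states are reset.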


#12

Unfortunately not. Pinging still works on and off; can't access computer C on 8080 or 81.


#13

Not using a switch. The computer has a quad NIC in it.
The VPN rule is filtered with an alias for only certain computers, none of them a part of this.


#14

It's a complex issue to troubleshoot without physical access. I would recommend collecting more diagnostic information: using traceroute to see how the packet is travelling, and looking at the firewall logs to see if the packet is being denied there or if it's happening on the guest computer's local firewall.