I have a pfSense router which divides a single WAN connection into three NAT networks on three interfaces: LAN, OPT1 and OPT2. This allows me to segregate my network so that computers on the OPT1 and OPT2 networks can't reach servers on the LAN network. This is working fine.

There is a single server on the LAN network which I want to allow computers on the OPT2 network to connect to via read-only NFS. I have added firewall rules allowing traffic from the OPT2 network to the IP of the server on the LAN, but I still cannot connect.

How do I route between two interfaces in pfSense?

EDIT: Here are screen captures of my rules. I'm trying to allow computers on the FOREST interface (172.16.1.0/24) to access mission (192.168.1.107) over SSH. I used SSH because I know it's port 22 and I can `ssh -v` and see if it connects or not. It does not:

(Screen captures: FOREST rules; DFLAN rules)

Josh
  • If your firewall rules are correct and the networks are directly connected this should Just Work. Review your logs for a reason, and if you don't find one post your configuration so we can be more helpful... – voretaq7 Aug 09 '11 at 20:44
  • @voretaq7: I'm guessing my firewall rules aren't correct. I'll post screen captures of my config. – Josh Aug 09 '11 at 20:52
  • Your links aren't correct as the screen captures aren't showing up. – dkwiebe Aug 09 '11 at 23:10
  • Hmm. The order of the rules matters, the top rules are processed first. You may want to re-order your rules. –  Sep 20 '16 at 20:45
  • Same issue here. Rules are "correct" and can't even ping across the subnets... There has to be some other configuration step, because this "just doesn't work" – Douglas Gaskell Sep 20 '20 at 18:56

1 Answer

Firewall rules are correct. Probably a host firewall, or wrong subnet mask on a host, or missing/wrong default gateway.

Chris Buechler
  • The host has no firewall... All machines can contact internet servers just fine so I doubt it's a missing/wrong gateway. It could possibly be a subnet mask issue, but I am pretty sure that the subnet masks were all set correctly... – Josh Aug 10 '11 at 12:44
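As an added illustration of the answer's "wrong subnet mask or missing/wrong default gateway" diagnosis (example code, not from anyone in this thread), the script below models how a host decides where to hand a packet, using the question's subnets (FOREST 172.16.1.0/24, mission at 192.168.1.107 on the LAN) with constructed host masks and gateways. It checks both directions, since the server's reply needs a route back just as much as the client's request needs one out.

```python
# Added example (not from the thread): model the answer's host-side diagnosis.
# A host that cannot deliver the reply will silently drop it even when the
# pfSense rules permit the connection, so both directions are checked.
# Subnets follow the question; host masks and gateways are constructed.
from ipaddress import ip_address, ip_interface

def next_hop(host_cidr, gateway, dst):
    """How a host with address/mask `host_cidr` and default gateway
    `gateway` (None if unset) would deliver a packet to `dst`.

    Returns 'on-link'     (host ARPs for dst on its own subnet),
            'gateway'     (host forwards dst to its default gateway), or
            'unreachable' (no gateway, or gateway not on the host's subnet).
    """
    host = ip_interface(host_cidr)
    if ip_address(dst) in host.network:
        return "on-link"
    if gateway is None:
        return "unreachable"          # no route: the packet never leaves
    if ip_address(gateway) not in host.network:
        return "unreachable"          # gateway off-link: host cannot ARP for it
    return "gateway"

def check_path(client_cidr, client_gw, server_cidr, server_gw):
    """Both directions must resolve: the request out and the reply back."""
    client_ip = str(ip_interface(client_cidr).ip)
    server_ip = str(ip_interface(server_cidr).ip)
    return (next_hop(client_cidr, client_gw, server_ip),
            next_hop(server_cidr, server_gw, client_ip))

# Constructed host configurations for the two subnets in the question:
# (client address/mask, client gateway, server address/mask, server gateway)
CASES = {
    "correct":               ("172.16.1.50/24", "172.16.1.1", "192.168.1.107/24", "192.168.1.1"),
    "server_no_gateway":     ("172.16.1.50/24", "172.16.1.1", "192.168.1.107/24", None),
    "server_wrong_gateway":  ("172.16.1.50/24", "172.16.1.1", "192.168.1.107/24", "192.168.2.1"),
    "client_mask_too_narrow": ("172.16.1.50/30", "172.16.1.1", "192.168.1.107/24", "192.168.1.1"),
}

if __name__ == "__main__":
    for name, cfg in CASES.items():
        fwd, back = check_path(*cfg)
        print(f"{name:23s} request: {fwd:12s} reply: {back}")
```

A result of "unreachable" in either column means the connection fails before any firewall rule is consulted, which is the situation the answer describes.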