pfSense Support Subscription

Author Topic: networking between interfaces  (Read 152 times)

0 Members and 1 Guest are viewing this topic.

Offline repomanz

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
networking between interfaces
« on: November 08, 2017, 08:18:18 pm »
Hi everyone.  Quick question about pfsense / networking.

I have:

WAN (dhcp ip)
LAN1 (gateway 10.xxx.x24.1)
LAN2 (gateway 10.xxx.x25.1)

DHCP server on each LAN interface.

I have assets in LAN1 that my LAN2 clients need to get to.  Do i need to create an allow rule in LAN1 and LAN2 so the LAN2 clients are routed LAN1 network?

Offline divsys

  • Hero Member
  • *****
  • Posts: 916
  • Karma: +90/-1
    • View Profile
Re: networking between interfaces
« Reply #1 on: November 09, 2017, 09:35:56 am »
Short answer is "Yes"
pfSense  does not allow traffic between LAN1 & LAN2 by default.
Add a rule under LAN1 to allow the required traffic to LAN2 and a rule under LAN2 to allow traffic to LAN1.

You can temporarily turn on logging for test purposes.
-jfp

Offline Stewart

  • Full Member
  • ***
  • Posts: 252
  • Karma: +16/-2
    • View Profile
Re: networking between interfaces
« Reply #2 on: November 09, 2017, 10:15:40 am »
By default there are no rules to allow traffic.  If you don't need any traffic filtered, you could do any/any rules on both interfaces and everything should just come up.  If you need to lock it down then you would need specific rules for the traffic.

Offline repomanz

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: networking between interfaces
« Reply #3 on: November 09, 2017, 05:03:32 pm »
Thanks for the responses.  Is there ever a short answer though? :)

On to my next question.

I have LAN1 rule routing out traffic via the WAN_DCHP gateway as the final rule.  When i try to do this with LAN2 I break the LAN2 clients.  Can you not configure 2 lan interfaces to route out the same WAN_DHCP gateway even though they are separate interfaces / nics?  Only way I can fix this is an * as the rule for LAN2 instead of specifically assigning wan_dhcp gateway.
« Last Edit: November 09, 2017, 05:39:28 pm by repomanz »

Offline chpalmer

  • Hero Member
  • *****
  • Posts: 1748
  • Karma: +93/-3
    • View Profile
    • Home of Cablenut
Re: networking between interfaces
« Reply #4 on: November 12, 2017, 04:59:49 pm »

Actually by default pfSense installs with an "allow all" rule on the LAN interface. This will allow traffic to any other interface on the box.  When you add a second LAN you will need to copy the default LAN rule to the new interface unless you want to specifically limit traffic.

If you wish to limit traffic between interfaces you would place the "limiting" rule(s) above any "allow all" rule.

P.S. statements made by me are not necessarily condoned by the management of this fine organization.  http://badmodems.com