The router on the WAN side of my pfsense box routes between the 2 subnets....my private numbers are nat'd behind one of my public numbers for access to the internet but the router has a static route setup to to route traffic between the subnets.
On Thu, Mar 12, 2009 at 9:07 AM, Gary Buckmaster <g...@centipedenetworks.com > wrote: > Brad Gillette wrote: > >> How can I tell if my LAN is on a opt interface? >> >> On Thu, Mar 12, 2009 at 8:40 AM, Gary Buckmaster < >> g...@centipedenetworks.com <mailto:g...@centipedenetworks.com>> wrote: >> >> Brad Gillette wrote: >> >> I am using pfSense as transparent briding firewall and overall >> is working pretty good and how I want it to work except for >> some traffic that is coming in on my LAN interace is being >> blocked by the 'default deny rule'. I'm allowing all traffic >> that is generated on the LAN side to leave. I see where some >> others have ran into a similar problem. I do run 2 different >> IP subnets on my LAN and a router on the WAN side of the >> pfSense box routes between. Some of the traffic between the 2 >> subnets is getting blocked and some gets passed just fine >> >> >> This is typically a misconfiguration in your firewall rules. By >> default the LAN is in a default allow state. If you are bumping >> up against the default deny rule, then you are either using an OPT >> interface as a LAN, which is fine, just realize that all OPT >> interfaces come in a default deny state, and make your firewall >> rules accordingly. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> <mailto:support-unsubscr...@pfsense.com> >> For additional commands, e-mail: support-h...@pfsense.com >> <mailto:support-h...@pfsense.com> >> >> Commercial support available - https://portal.pfsense.org >> <https://portal.pfsense.org/> >> >> >> You said you run two different IP subnets on your LAN, how are you > accomplishing this? Through a physically separate card or some other means? > This is likely to be the starting point to your issue. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > >
