David, Thanks greatly. On my LAN network I had the first rule as allow any protocol from lan to anywhere via my ISP gateway not via default. That was what was killing me, not sure why it was that way.
I am now able to pass back and forth with no issues. You did however straighten me out on where and how rules are applied so next rules changes should be easier. Is there anything in pfSense that would allow me to make a group of IP addresses called "GoodGuys" or something so that I can just add or remove IPs from the group to allow people in or block them out without having to add/remove rules for their IPs?

Once again thanks greatly for your assistance.

Ron

-----Original Message-----
From: David Burgess [mailto:apt....@gmail.com]
Sent: Sunday, September 19, 2010 12:39 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Allow Traffic Between Interfaces

On Sat, Sep 18, 2010 at 10:11 PM, Ron Lemon <r...@maplewood.com> wrote:
> Hi David,
>
> I have switched the rules but I am still unable to ping 10.0.1.100
> from any machine in 10.0.0.0 / 24

Just to be sure, I have attached (I hope it makes it through) a screenshot of the rule you should have on your LAN interface. You should have a similar one on OPT1 with the source and destinations reversed.

> I hope I have this correct now.

Looks right to me. If your firewall rule is correct and you're still receiving no ping response then you'll need to check a couple things.

1. Is the receiving host set to respond to pings? i.e., no Windows firewall preventing it?

2. Do both hosts know that pfsense is the gateway and the default route? If 10.0.1.100 receives a ping from 10.0.0.200 and wants to respond, it has to know where to route the response. Because 10.0.0.200 is not on its subnet (and you haven't given it a static route), it will send its response via the default route, so this needs to be the OPT1 interface of pfsense. If you have dhcp service enabled on OPT1 and your OPT1 hosts are getting their address via dhcp, then this is already happening.

3. If you don't want OPT1 to be the default route for the hosts on that subnet, then you must arrange static routes for those hosts, or enable outbound NAT from LAN to OPT1.

db
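
The return-path reasoning in points 2 and 3 of the quoted reply, worked through as an added example (not code from the thread or from pfSense). The OPT1 /24 mask, the pfSense OPT1 address 10.0.1.1 and the second router 10.0.1.254 are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: the thread gives 10.0.0.0/24 (LAN) and host 10.0.1.100;
# the OPT1 mask, pfSense's OPT1 address and the "other" router are assumptions.
LAN_NET = ipaddress.ip_network("10.0.0.0/24")
OPT1_NET = ipaddress.ip_network("10.0.1.0/24")
PFSENSE_OPT1 = ipaddress.ip_address("10.0.1.1")      # assumed
OTHER_ROUTER = ipaddress.ip_address("10.0.1.254")    # assumed non-pfSense gateway


def next_hop(dest, routes):
    """Longest-prefix match over (network, gateway) pairs.

    A gateway of None means the network is directly connected (on-link).
    Returns "on-link", the gateway address, or None if no route matches.
    """
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if dest in net]
    if not matches:
        return None
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return "on-link" if gw is None else gw


def host_routes(default_gw, static=()):
    """Routing table of an OPT1 host: connected subnet, default route, extras."""
    table = [(OPT1_NET, None), (ipaddress.ip_network("0.0.0.0/0"), default_gw)]
    return table + list(static)


def reply_reaches_pfsense(routes, peer="10.0.0.200"):
    """True if the OPT1 host hands its reply to the LAN peer to pfSense."""
    return next_hop(peer, routes) == PFSENSE_OPT1


# Point 2: pfSense OPT1 is the default route (for example, handed out by DHCP).
via_pfsense = host_routes(PFSENSE_OPT1)
# Default route points elsewhere: the echo reply leaves via the other router.
via_other = host_routes(OTHER_ROUTER)
# Point 3: keep the other default route, add a static route for the LAN subnet.
with_static = host_routes(OTHER_ROUTER, static=[(LAN_NET, PFSENSE_OPT1)])

if __name__ == "__main__":
    for name, table in [("default=pfSense", via_pfsense),
                        ("default=other", via_other),
                        ("default=other + static", with_static)]:
        print(f"{name:24} reply to 10.0.0.200 via {next_hop('10.0.0.200', table)}")
```

With outbound NAT from LAN to OPT1, the ping arrives with pfSense's OPT1 address as its source; `next_hop("10.0.1.1", via_other)` is `"on-link"`, which is why that option works without touching the host's routes.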