pfSense routing between subnets

I’m having an issue with pfSense. I need to access some servers out in my shop, but they are on a different subnet and physical interface of the router, which, by the way, is constructed from the parts of various computers. My house is on 10.0.1.x and the shop is on 10.0.10.x.

Most of the time my servers don’t need to be accessed from the house, so I set up the network that way for a little bit of added security.

With that said, I need to reconfigure pfSense to enable routing between the two.

Thanks in advance!

1 Like

You need to set up a rule in the firewall between the 2 interfaces.

For example, see below: I have a DNS server on LAN1 and want to be able to access it from LAN2.

Go to firewall rules on LAN2 and create a new pass rule to allow traffic to the DNS server; you can select all ports or just the ports you need.

3 Likes

Perhaps I didn’t do it right. I copied your rule almost exactly, but I opened all ports, addresses, and protocols until I nail down some more things.

The rule is network to network, but it doesn’t work/I’m not doing it right. Probably the latter, as I’m not a professional sysadmin or anything.

Make sure you do both interfaces if you didn’t.

For example, in Firewall / Rules / Shop:
Action: Pass
Interface: Shop (or whatever it's called)
Address Family: IPv4
Protocol: Any
Source: House net
Destination: Shop net

Then on the house side:
Action: Pass
Interface: House
Address Family: IPv4
Protocol: Any
Source: Shop net
Destination: House net

This is pretty unrestricted between Shop and House but should get you started. You can lock it down from there.

In case you are interested, you do not need to set up routes because pfSense is directly connected to both networks, so it knows to send packets:
For network 1 (e.g. 192.168.1.0/24) down interface 1
For network 2 (e.g. 192.168.2.0/24) down interface 2

If you had two or more routers connected with multiple networks coming off each router, then you would have to set up routes. Otherwise the router will have no idea what to do with the packets.

Post screenshots of your rules as well so we can see what’s wrong.

Did that, no dice. Do subnet masks have to be set to 16 on both the server and the client?

Should be 24, as in: 10.0.1.X/24 & 10.0.10.X/24

16 will cause both to be on the same network: 10.0.X.X/16

1 Like

Try resetting states
https://doc.pfsense.org/index.php/Reset_States

Assuming you're referring to firewall rules, it's probably best to start by matching the subnet mask of your network. For some reason it defaults to /16 (255.255.0.0).

From a network addressing standpoint you could employ both /16 and /24 (or whatever subnet mask). You would need to be careful with how you address.

For example:
192.168.1.0/24
10.0.10.0/16

Would be on different subnets and would need a layer 3 device to communicate.

Hope that makes sense. As Dexter_Kane said, post some screenshots or detail of the rules configured. Otherwise we’re just guessing.
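
The /16 versus /24 point made in the replies above can be checked offline. This is an added example, not part of any post in the thread: it models how a host decides whether a destination is on-link (and never reaches the router or its firewall rules) or must go through the gateway. The host names, host addresses and the .1 router addresses are constructed assumptions built on the thread's 10.0.1.x / 10.0.10.x layout.

```python
import ipaddress

# Constructed sample: assumed pfSense interface addresses for the thread's two networks.
ROUTER_IFS = {"house": "10.0.1.1/24", "shop": "10.0.10.1/24"}

def next_hop(host_if, gateway, dst):
    """Where a host sends a packet for dst: 'on-link' (ARP directly) or the gateway IP."""
    net = ipaddress.ip_interface(host_if).network
    return "on-link" if ipaddress.ip_address(dst) in net else gateway

def overlaps(router_ifs):
    """Pairs of router interfaces whose subnets overlap, so they cannot be routed between."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in router_ifs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def mask_mismatches(hosts, router_ifs):
    """Hosts whose configured network differs from the router interface on their segment."""
    found = []
    for name, (addr, segment) in sorted(hosts.items()):
        host_net = ipaddress.ip_interface(addr).network
        router_net = ipaddress.ip_interface(router_ifs[segment]).network
        if host_net != router_net:
            found.append((name, str(host_net), str(router_net)))
    return found

if __name__ == "__main__":
    # Constructed hosts: the desktop has been given a /16 mask by mistake.
    hosts = {"desktop": ("10.0.1.50/16", "house"), "server": ("10.0.10.20/24", "shop")}
    # With /24 the desktop hands shop traffic to pfSense, where the rules apply.
    print(next_hop("10.0.1.50/24", "10.0.1.1", "10.0.10.20"))
    # With /16 it ARPs for the server on its own segment and the packet never
    # reaches the router, so no firewall rule can make the connection work.
    print(next_hop("10.0.1.50/16", "10.0.1.1", "10.0.10.20"))
    print(mask_mismatches(hosts, ROUTER_IFS))
    print(overlaps({"house": "10.0.1.1/16", "shop": "10.0.10.1/16"}))
```

A mismatch reported here means the host's mask should be corrected before any firewall rule is changed, since wide-open pass rules added while chasing the wrong cause tend to stay in place.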