On Sat, Sep 18, 2010 at 10:11 PM, Ron Lemon <[email protected]> wrote:
> Hi David,
>
> I have switched the rules but I am still unable to ping 10.0.1.100 from any
> machine in 10.0.0.0 / 24

Just to be sure, I have attached (I hope it makes it through) a screenshot of the rule you should have on your LAN interface. You should have a similar one on OPT1 with the source and destinations reversed.

> I hope I have this correct now.

Looks right to me. If your firewall rule is correct and you're still receiving no ping response then you'll need to check a couple things.

1. Is the receiving host set to respond to pings? i.e., no Windows firewall preventing it?

2. Do both hosts know that pfsense is the gateway and the default route? If 10.0.1.100 receives a ping from 10.0.0.200 and wants to respond, it has to know where to route the response. Because 10.0.0.200 is not on its subnet (and you haven't given it a static route), it will send its response via the default route, so this needs to be the OPT1 interface of pfsense. If you have dhcp service enabled on OPT1 and your OPT1 hosts are getting their address via dhcp, then this is already happening.

3. If you don't want OPT1 to be the default route for the hosts on that subnet, then you must arrange static routes for those hosts, or enable outbound NAT from LAN to OPT1.

db

<<attachment: rule.png>>
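
Added example, not part of the original message: a small Python model of the reply-path check described in points 2 and 3 above, using longest-prefix matching on the replying host's routing table. The addresses 10.0.1.1 (pfSense OPT1) and 10.0.1.254 (some other router), and all function names, are assumptions; only 10.0.1.100 and 10.0.0.200 come from the thread.

```python
import ipaddress

PFSENSE_OPT1 = "10.0.1.1"    # assumed OPT1 address of pfSense
OTHER_GW = "10.0.1.254"      # assumed unrelated router on the OPT1 subnet
LAN_HOST = "10.0.0.200"      # ping source, from the thread

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.

    gateway None means the prefix is on-link, so the packet is delivered
    straight to dst. Returns None when no route matches (packet dropped).
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None
    return dst if best[1] is None else best[1]

def reply_reaches_pfsense(routes, reply_dst):
    """True when 10.0.1.100's echo reply is handed to pfSense OPT1."""
    return next_hop(routes, reply_dst) == PFSENSE_OPT1

ON_LINK = ("10.0.1.0/24", None)  # the OPT1 host's own subnet

# Routing tables for 10.0.1.100 in each situation (constructed samples).
default_via_pfsense = [ON_LINK, ("0.0.0.0/0", PFSENSE_OPT1)]
default_elsewhere = [ON_LINK, ("0.0.0.0/0", OTHER_GW)]
static_route_added = default_elsewhere + [("10.0.0.0/24", PFSENSE_OPT1)]
no_default_route = [ON_LINK]

def scenarios():
    return {
        # Point 2: default route is OPT1, reply goes back through pfSense.
        "default_via_pfsense": reply_reaches_pfsense(default_via_pfsense, LAN_HOST),
        # Default route points elsewhere: the reply never reaches pfSense.
        "default_elsewhere": reply_reaches_pfsense(default_elsewhere, LAN_HOST),
        # Point 3, option A: a static route for the LAN subnet fixes it.
        "static_route_added": reply_reaches_pfsense(static_route_added, LAN_HOST),
        # Point 3, option B: with outbound NAT the ping appears to come from
        # the OPT1 address, which is on-link, so no route change is needed.
        "outbound_nat": reply_reaches_pfsense(default_elsewhere, PFSENSE_OPT1),
        # No usable route at all: the reply is dropped on the host.
        "no_default_route": reply_reaches_pfsense(no_default_route, LAN_HOST),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:22} reply reaches pfSense: {ok}")
```
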
