Please help to get everything to work to OPT1, DHCP works static does not.
-
@bingo600
thank you for raising this point - the situation is like this:
NVR - brand is Dahua (probably same tech ask hikvision? also big chinese brand)
NVR - now on DHCP from pfsense, and so are a bunch of cams formerly on fixed ip via NVR
not on site with problem till 3 days later, but will look into switching all remaining cams to DHCP via pfsense to see if that will 'disable' the nvr function
looked into the NVR network settings - it has a bunch of port settings that seem to be active, and disabling virtual network (?) setting did not work, nor are there further internal network menus that allows me to meddle with now NVR is also on DHCPonly issue given the 192.168.1.x issue is pfsense has both 192.168.1.x (LAN) and also 192.168.2.x (OPT1 on which NVR lives) - reluctant to change away from 192.168.1.x on pfsense since so much other settings are already on that basis...
-
To confirm though, you said you were able to access the NVR from a different laptop that was also in the LAN subnet?
If that's true this is not conflict in the NVR or any sport of routing problem there.Steve
-
to be clear:
-
different laptop on 192.168.2.x can print to printer on same subnet, but not main laptop from 192.168.1.x
-
not tried using 2nd laptop to access nvr yet so will do that (in 2 days' time when have access to it) and report
-
-
Ok, so a laptop in the same subnet can. Inside the same subnet traffic is not routed and doesn't go through pfSense so nothing is required. Almost everything will responds to requests from something inside it's own subnet and device discovery will work.
If you are not connecting to the printer by IP then it will probably not appear as available in Windows from the LAN subnet.Start a continuous ping from the laptop in LAN to the NVR.
Check Diag > States for the states created. You should see a state on LAN and one on OPTIf both are there and there are packets shown on both then the NVR is not responding and you need to look there.
Steve
-
@stephenw10 said in Please help to get everything to work to OPT1, DHCP works static does not.:
rything will respo
back at the pfsense box, and pinged both printer and nvr - both 100% lost packets...
what bothers me is how come with lan to any and opt1 to any rules, we still can't access the x.x.2.0 subnet from x.x.1.0 (the main laptop)?
strangely, ping from within pfsense-lan (under diag>ping) to nvr (on x.x.2.0) has no lost packets!
-
@wufwuf
tried on another laptop on x.x.2.0 and was able to access NVR interface...so that means it is all down to LAN vs OPT1 issue, unless NVR internally blocks access that is not coming from its own subnet?
-
@stephenw10
tried from main laptop on x.x.1.0 to ping x.x.2.0 and x.x.2.1 (pfsense gateway), but no response... perhaps we are getting close to the problem?set up is like this:
pfsense (Wan) => modem
pfsense (Lan) => switch 1 => main laptop (192.168.1.x)
pfsense (opt1) => switch 2 => printer / nvr (192.168.2.x) -
@wufwuf said in Please help to get everything to work to OPT1, DHCP works static does not.:
strangely, ping from within pfsense-lan (under diag>ping) to nvr (on x.x.2.0) has no lost packets!
What if you set the source to LAN there? That will prove the NVR does respond to requests from outside it's subnet.
With those rules on LAN you should definitely be able to ping the pfSense OPT interface IP (192.168.2.1) from the laptop.
If that fails the laptop may have a bad or conflicting route locally.Did you check the state table whilst running a continuous ping?
Steve
-
@wufwuf said in Please help to get everything to work to OPT1, DHCP works static does not.:
perhaps we are getting close to the problem
Re do the test, and packet capture the ICMP stuff on the OPT1 interface.
You should see ICMP packets, the one coming out of the OPT1 interface, originating from your a device on your LAN, going to the NVR.
If the NVR doesn't answer, you know that it only replies to devices from it's 'local' network (== 192.168.2.0/24).
Go have a 'talk' with your NVR ;) -
@gertjan
thank you guys... much appreciated - away at work so need to test over weekend, will report back!