Cant ping Lan <-> Opt 1 ?

level4

Just out of curiosity;

What are you pinging on the other interface ?

Could it be the pinged device has a firewall on itself which denies pings from unknown subnets ?

srytryagn

@level4

Mac tried (192.168.22.22) tried to ping Windows:
192.168.11.11
192.168.22.22

Disabled all firewall settings temporarily for testing.

Ping fails.

johnpoz

@srytryagn can you please do as I ask this simple on

On your pc on your lan ping 192.168.22.1

srytryagn

@johnpoz

@johnpoz

ping 192.168.22.1 (from PC with IP 192.168.11.11)

PING 192.168.22.1 (192.168.22.1): 56 data bytes
64 bytes from 192.168.22.1: icmp_seq=0 ttl=64 time=0.243 ms
64 bytes from 192.168.22.1: icmp_seq=1 ttl=64 time=0.403 ms
64 bytes from 192.168.22.1: icmp_seq=2 ttl=64 time=0.435 ms

Works.

But ping 192.168.22.22 (from PC with IP 192.168.11.11)

fails...

ping 192.168.22.22
PING 192.168.22.22 (192.168.22.22): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

johnpoz

@srytryagn said in Cant ping Lan <-> Opt 1 ?:

But ping 192.168.22.22 (from PC with IP 192.168.11.11)

And again - there are many reasons that could be, most likely host firewall on the 192.168.22.22 machine. Or wrong gateway or etc. etc..

To prove that to yourself, get a constant ping going from your lan device, this 192.168.11.11 to some IP on your opt network 192.168.22.22 for example

ping 192.168.22.22 -t on a windows machine

Now sniff via packet capture under the diagnostic menu on pfsense, on your opt interface.. You see the pings going out, but no response.

edit: here you go, example from box (192.168.2.12) in one of my vlans I can ping a box in my lan.

PING 192.168.9.100 (192.168.9.100) 56(84) bytes of data.
64 bytes from 192.168.9.100: icmp_seq=1 ttl=127 time=1.09 ms
64 bytes from 192.168.9.100: icmp_seq=2 ttl=127 time=0.795 ms

I then set firewall on that 192.168.9.100 box

ping 192.168.9.100
PING 192.168.9.100 (192.168.9.100) 56(84) bytes of data.
^C
--- 192.168.9.100 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7165ms

If I sniff on the lan interface while pinging from the vlan device.. You can see pfsense sending on the traffic

The problem is not pfsense routing or allowing the traffic - its just that the device is not answering..

Even with the firewall on the host, pfsense can ping it - because pfsense is pining from an IP on that lan interface (192.168.9.253) Which the host firewall allows ping from its own local network, but not from a remote network (192.168.2.12) in my example.

srytryagn

@johnpoz

Had to set gateways on client side, still did not work.

Then I rebooted.

And it works :( :)

johnpoz

@srytryagn said in Cant ping Lan <-> Opt 1 ?:

Had to set gateways on client side

And why would you have had to do that? Your dhcp would auto hand that out.. Nowhere in your posts did you say your client was not using dhcp..

How would the devices have gotten internet through pfsense if they were not using pfsense as their gateway? Was internet not working on these devices? You made no mention of that either.

You stated

I am able to connect to the internet

That is to be assumed your opt had internet as well, if it did not you should of mentioned that, etc.

srytryagn

@johnpoz said in Cant ping Lan <-> Opt 1 ?:

@srytryagn said in Cant ping Lan <-> Opt 1 ?:

Had to set gateways on client side

And why would you have had to do that? Your dhcp would auto hand that out.. Nowhere in your posts did you say your client was not using dhcp..

How would the devices have gotten internet through pfsense if they were not using pfsense as their gateway? Was internet not working on these devices? You made no mention of that either.

You stated

I am able to connect to the internet

That is to be assumed your opt had internet as well, if it did not you should of mentioned that, etc.

@johnpoz

The internet was working.
DHCP was set to auto, pings were not working.

After setting to manual on clients and explicitly making the ".1"s gateway and rebooting it worked all of a sudden.

This was a huge time suck, wish I had made a mistake I could learn something from.

johnpoz

@srytryagn said in Cant ping Lan <-> Opt 1 ?:

The internet was working.

Well that just not really possible, if your gateway wasn't working - how would clients have gotten internet?

The gateway is the same for internet as it is for other networks attached to pfsense, etc.

What makes more sense is your rebooting of the client fixed whatever your firewall setting was on the host, etc.

If the gateway was not set on your client - there is no way it could of gotten internet through pfsense.

srytryagn

@johnpoz

That makes more sense, I agree.
You think that perhaps client (windows or mac) firewall deactivation only happened after a reboot ?

If so that is bad behaviour, hope it doesn't do that when enabling it !