interface cannot ping lan to opt5
-
@sy5tem
Windows firewall??
Usually the case. All else looks good. -
@jarhead said in interface cannot ping lan to opt5:
@sy5tem
Windows firewall??
Usually the case. All else looks good.Both of on "private" weird thing is that when I report pfsense ping goes trought at some point the. Stop working...
Will disable firewall in windows ty
-
@sy5tem Not exactly sure what that says but it doesn't matter if they're set to private since you're using two different subnets, it would still block them.
-
@jarhead omg you where right ... lol
disabling firewall now it work.... was so focused on pfsense ...
thank you!
-
I have a very similar problem. Configuration: pfsense is VM in Windows Server 2012R2. Just turned off Windows firewall as suggested above but it did not have any effect.
Pfsense configuration: 1 WAN and 2 LAN ports. Each LAN port can access the WAN, and the internal machines - the server at 25.250 and pfsense gui at 25.1. But I can't ping from a laptop at 25.11 to another laptop at 26.17 or vice-versa.Here are the firewall rules
Looking for suggestions as I've tried everything I've found in these posts.
-
@ofcoit Delete the top rule on LAN26.
-
@jarhead
Change made. What worked still works. What doesn't work still doesn't work. -
@ofcoit all addresses show up in the ARP table, but still can't ping between 25.11 and 26.17
-
@ofcoit
Disabled the firewall and had same results. It's like pfsense isn't routing at all between the two -
@ofcoit
Ping from pfsense to 25.11 fails as does pfsense to 26.17. However ping from 25.11 to 25.1 or 25.250 succeeds as does ping from 26.17 to 25.1 and to 25.250 -
@ofcoit Show a picture of how everything is connected.
Are you using a virtual switch for both vlans or one for each?Sounds like a software firewall maybe. Try disabling windows firewall.
-
@ofcoit said in interface cannot ping lan to opt5:
turned off Windows firewall as suggested above
Just to be clear, you did that on the Hyper-V host or on the workstations? The workstations may disallow traffic from outside their subnet.
On LAN26 your "default" IPv6 rule only allows TCP not ICMP or UDP.
What does a traceroute between the two PCs show?
-
@ofcoit said in interface cannot ping lan to opt5:
It's like pfsense isn't routing at all between the two
Pfsense auto has routes for any network its directly attached to.
If you can not ping a device on either of those networks from the other network - and your rules allow, which yours show they do. Do you have any rules in floating?
It screams firewall or wrong mask, or wrong gateway on the device your pinging. Or pfsense doesn't know the mac of the device your trying to ping in the other network.
If you want to validate to yourself that pfsense is sending the traffic. Sniff (packet capture under diagnostic) on say vlan26 interface while you ping from vlan25 device. If the vlan25 device sent the ping pfsense, then you would see pfsense sending on the packets on the vlan26 interface.
You would also see state created. So example get a constant ping going to an IP on vlan26 from 25..
So I Ping 192.168.3.32 from 192.168.9.100
Here is the states..
Here is sniff on my dmz interface for icmp and 192.168.3.32 as the host, you can see request going out, and in my case you see an answer.
If you see the request go out and no answer - then the something is downstream of pfsense, most likely the host firewall, or it has a wrong mask, and doesn't think it needs to send the answer back to pfsense.
-
- I tried disabling firewalls on both laptops. No change.
- ipV6 and TCP changed to ipV6 *, No change
- Something changed over the weekend - not sure what because now the LAN26 (note these are not VLANs, just LAN ports where each port is assigned a different subnet .25 and .26. ) cannot ping 25.1 nor 25.250/
- Looking at the ipconfig info, I see that 25 has a Default Gateway fe80::215.... and 26 does not have a default gateway. I don't have detailed records from last week to see if that's what changed or not. Seems to be a problem.
4a. Swapped LAN cables on laptops in case laptop configuration was an issue. Only thing that changed is I got two new local addresses 25.25 and 26.18. - The difference in the interface configurations between LAN25 and LAN26 is in IPV6 Configuration Type. LAN25 is set to "Track Interface" while LAN26 is "None". If I try to make LAN25 "None" I get an error saying that the DHCP6 Server is active on this interface.... The Router Advertisements Server is active on this interface and it can be used only with a static IPV6 configuration.
- I tried to use the Diagnostics as proposed above but saw nothing on LAN26. Verified I was using it properly by capturing traffic from 25.25 to 25.250 using constant ping.
-
@ofcoit said in interface cannot ping lan to opt5:
25.25 to 25.250
Those would be in the same network and wouldn't go through pfsense. Is that a typo and one of those was suppose to be 26.x ?
You have some errors - see the little 2 with the bell up right corner, did your rules not load?
I see that 25 has a Default Gateway fe80::215.... and 26 does not have a default gateway.
if you don't have a IPv4 gateway, how would you get anywhere? Other then local network - maybe you have a dhcp issue, or just connectivity issue.
You say these are not vlans, and just physical - your not trying to run these connections over the same dumb switch are you?
-
@johnpoz
I appreciate you replying. To be clear let me go over what happens.- 25.25 laptop can successfully ping 25.1 and 25.250 (the server). I run the gui from a web browser on 25.25
- 25.25 pings 26.18 and gets: PING: transmit failed. General failure.
- 26.18 laptop pings 26.1 successfully
4 26.18 pings 25. and gets: PING: transmit failed. General failure. - Ping diagnostic in GUI to 26.18 fails
- Ping diagnostic in GUI to 25.250 succeeds.
How do I set up a ipv4 gateway for LAN26? Do I have to add a gateway in System/Routing/Gateways. I didn't have this set up last week and 26 could get to 25.1 and 25.250 but not today. Where does that gateway get set up?
-
@ofcoit said in interface cannot ping lan to opt5:
25.25 pings 26.18 and gets: PING: transmit failed. General failure.
that would be correct if you have no gateway..
So if I try and ping something on a different network with an interface that has no gateway. My 192.168.10.9 interface is a SAN connection only between my PC and NAS, so there are no gateways on these interfaces.
If I try and ping something off that network.
$ ping -S 192.168.10.9 8.8.8.8 Pinging 8.8.8.8 from 192.168.10.9 with 32 bytes of data: PING: transmit failed. General failure. PING: transmit failed. General failure. PING: transmit failed. General failure.Your interfaces on pfsense lan25 and lan26 should not have gateways set.. If you set a gateway on pfsense interface, then it considers it a "wan" interface - ie a connection that can be used to get to other networks.
But your clients need gateways.. that would point to pfsense IP on that network.
So for example.. Here is my pc.. on my lan..
$ ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : i9-win Primary Dns Suffix . . . . . . . : local.lan Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : local.lan Ethernet adapter Local: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.9.253 DNS Servers . . . . . . . . . . . : 192.168.3.10 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Nas-San: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek USB 2.5GbE Family Controller Physical Address. . . . . . . . . : A0-CE-C8-CC-57-DE DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.10.9(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : DisabledSo devices on your 25 network would point to pfsense 25.1 address, and devices on your 26 would point to pfsense 26.1 address as their gateway.
If your manually setting the IPs on your devices, you have to set a gateway if you want them to get to anything off their local network. If they are getting their IPs from dhcp, then that should auto hand out the gateway to the dhcp clients.
-
@johnpoz
So where does LAN26 get it's gateway set.? The LAN adapter settings are the same between the laptops and the behavior follows the LAN connection. First lan26 with no gateway
Second lan25 with gateway.
Is the LAN26 adapter not sending out the information? It's a dual-LAN card, so the driver, etc should be the same.
-
@ofcoit said in interface cannot ping lan to opt5:
So where does LAN26 get it's gateway set
I think you're asking how to set that on a PC on LAN26 but that's a confusing way to ask that...it sounds like you're trying to set a gateway on pfSense's LAN26 interface. There is no gateway set on the pfSense interface. If 192.168.26.1 is your pfSense (?) then since that's the DHCP server it should be providing itself as the gateway. On the DHCP Server tab for LAN26 the "Gateway" should be blank. Alternately you could give the PC a static IP/gateway.
With no gateway set, the PC has no idea where to send packets for 192.168.26.1. Or for the DNS server 192.168.10.229 for that matter.
-
@ofcoit so this is the same box??
Odd that you don't get an gateway.. Maybe because the box already a gateway on its 25 interface? Did you set the gateway to none in the 26 dhcp settings?
But there is no possible way your going to be able to talk to those 192.168.10.x dns server via that 192.168.26/24 address..
If that is the same box trying test is going to be problematic, because the box has an interface in both networks and wouldn't need or route anything to its gateway, it would just use the interface in that network to talk to something on that specific network.
