interface cannot ping lan to opt5
-
@ofcoit Delete the top rule on LAN26.
-
@jarhead
Change made. What worked still works. What doesn't work still doesn't work.
-
@ofcoit all addresses show up in the ARP table, but still can't ping between 25.11 and 26.17
-
@ofcoit
Disabled the firewall and had same results. It's like pfsense isn't routing at all between the two
-
@ofcoit
Ping from pfsense to 25.11 fails as does pfsense to 26.17. However ping from 25.11 to 25.1 or 25.250 succeeds as does ping from 26.17 to 25.1 and to 25.250
-
@ofcoit Show a picture of how everything is connected.
Are you using a virtual switch for both vlans or one for each? Sounds like a software firewall maybe. Try disabling Windows firewall.
-
@ofcoit said in interface cannot ping lan to opt5:
turned off Windows firewall as suggested above
Just to be clear, you did that on the Hyper-V host or on the workstations? The workstations may disallow traffic from outside their subnet.
On LAN26 your "default" IPv6 rule only allows TCP not ICMP or UDP.
What does a traceroute between the two PCs show?
-
@ofcoit said in interface cannot ping lan to opt5:
It's like pfsense isn't routing at all between the two
Pfsense auto has routes for any network it's directly attached to.
If you can not ping a device on either of those networks from the other network - and your rules allow, which yours show they do. Do you have any rules in floating?
It screams firewall or wrong mask, or wrong gateway on the device you're pinging. Or pfsense doesn't know the mac of the device you're trying to ping in the other network.
If you want to validate to yourself that pfsense is sending the traffic, sniff (packet capture under diagnostic) on say vlan26 interface while you ping from vlan25 device. If the vlan25 device sent the ping to pfsense, then you would see pfsense sending on the packets on the vlan26 interface.
You would also see state created. So example get a constant ping going to an IP on vlan26 from 25..
So I Ping 192.168.3.32 from 192.168.9.100
Here are the states..
Here is sniff on my dmz interface for icmp and 192.168.3.32 as the host, you can see request going out, and in my case you see an answer.
If you see the request go out and no answer - then something is downstream of pfsense, most likely the host firewall, or it has a wrong mask, and doesn't think it needs to send the answer back to pfsense.
-
- I tried disabling firewalls on both laptops. No change.
- ipV6 and TCP changed to ipV6 *, No change
- Something changed over the weekend - not sure what because now the LAN26 (note these are not VLANs, just LAN ports where each port is assigned a different subnet .25 and .26.) cannot ping 25.1 nor 25.250.
- Looking at the ipconfig info, I see that 25 has a Default Gateway fe80::215.... and 26 does not have a default gateway. I don't have detailed records from last week to see if that's what changed or not. Seems to be a problem.
4a. Swapped LAN cables on laptops in case laptop configuration was an issue. Only thing that changed is I got two new local addresses 25.25 and 26.18.
- The difference in the interface configurations between LAN25 and LAN26 is in IPV6 Configuration Type. LAN25 is set to "Track Interface" while LAN26 is "None". If I try to make LAN25 "None" I get an error saying that the DHCP6 Server is active on this interface.... The Router Advertisements Server is active on this interface and it can be used only with a static IPV6 configuration.
- I tried to use the Diagnostics as proposed above but saw nothing on LAN26. Verified I was using it properly by capturing traffic from 25.25 to 25.250 using constant ping.
-
@ofcoit said in interface cannot ping lan to opt5:
25.25 to 25.250
Those would be in the same network and wouldn't go through pfsense. Is that a typo and one of those was supposed to be 26.x?
You have some errors - see the little 2 with the bell up right corner, did your rules not load?
I see that 25 has a Default Gateway fe80::215.... and 26 does not have a default gateway.
If you don't have an IPv4 gateway, how would you get anywhere? Other than local network - maybe you have a dhcp issue, or just connectivity issue.
You say these are not vlans, and just physical - you're not trying to run these connections over the same dumb switch are you?
-
@johnpoz
I appreciate you replying. To be clear let me go over what happens.
- 25.25 laptop can successfully ping 25.1 and 25.250 (the server). I run the gui from a web browser on 25.25
- 25.25 pings 26.18 and gets: PING: transmit failed. General failure.
- 26.18 laptop pings 26.1 successfully
- 26.18 pings 25. and gets: PING: transmit failed. General failure.
- Ping diagnostic in GUI to 26.18 fails
- Ping diagnostic in GUI to 25.250 succeeds.
How do I set up an ipv4 gateway for LAN26? Do I have to add a gateway in System/Routing/Gateways? I didn't have this set up last week and 26 could get to 25.1 and 25.250 but not today. Where does that gateway get set up?
-
@ofcoit said in interface cannot ping lan to opt5:
25.25 pings 26.18 and gets: PING: transmit failed. General failure.
that would be correct if you have no gateway..
So if I try and ping something on a different network with an interface that has no gateway. My 192.168.10.9 interface is a SAN connection only between my PC and NAS, so there are no gateways on these interfaces.
If I try and ping something off that network.
    $ ping -S 192.168.10.9 8.8.8.8

    Pinging 8.8.8.8 from 192.168.10.9 with 32 bytes of data:
    PING: transmit failed. General failure.
    PING: transmit failed. General failure.
    PING: transmit failed. General failure.
Your interfaces on pfsense lan25 and lan26 should not have gateways set.. If you set a gateway on pfsense interface, then it considers it a "wan" interface - ie a connection that can be used to get to other networks.
But your clients need gateways.. that would point to pfsense IP on that network.
So for example.. Here is my pc.. on my lan..
    $ ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : i9-win
       Primary Dns Suffix . . . . . . . : local.lan
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : local.lan

    Ethernet adapter Local:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller
       Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.9.253
       DNS Servers . . . . . . . . . . . : 192.168.3.10
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Nas-San:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Realtek USB 2.5GbE Family Controller
       Physical Address. . . . . . . . . : A0-CE-C8-CC-57-DE
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.10.9(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled
So devices on your 25 network would point to pfsense 25.1 address, and devices on your 26 would point to pfsense 26.1 address as their gateway.
If you're manually setting the IPs on your devices, you have to set a gateway if you want them to get to anything off their local network. If they are getting their IPs from dhcp, then that should auto hand out the gateway to the dhcp clients.
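
Added example, not part of the original posts: a Python model of the client-side forwarding decision described above, run against `ipconfig /all` text. It assumes the single-adapter view you get with `ping -S` (a real host consults one routing table across all adapters); the sample text is condensed from the output quoted above, and the 192.168.25.25/192.168.26.18 wrong-mask case is constructed.

```python
import ipaddress
import re

# Constructed sample, condensed from the `ipconfig /all` output quoted above.
SAMPLE = """\
Ethernet adapter Local:

   IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.9.253

Ethernet adapter Nas-San:

   IPv4 Address. . . . . . . . . . . : 192.168.10.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""

FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*:\s*(.*)$")


def parse_adapters(text):
    """Map adapter name -> {field label: value} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            name = line.rstrip()[:-1].split("adapter ", 1)[-1]
            current = adapters.setdefault(name, {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters


def next_hop(adapter, dest):
    """Where a host sends a packet for dest when using only this adapter."""
    ip = adapter["IPv4 Address"].split("(")[0]
    iface = ipaddress.ip_interface(f"{ip}/{adapter['Subnet Mask']}")
    if ipaddress.ip_address(dest) in iface.network:
        return ("on-link", None)      # ARP directly; the router never sees it
    gw = adapter.get("Default Gateway", "")
    if not gw:
        return ("no-route", None)     # Windows: "PING: transmit failed. General failure."
    if ipaddress.ip_address(gw) not in iface.network:
        return ("bad-gateway", gw)    # gateway is not reachable on this subnet
    return ("gateway", gw)


if __name__ == "__main__":
    nics = parse_adapters(SAMPLE)
    print(next_hop(nics["Local"], "192.168.3.32"))   # routed via the gateway
    print(next_hop(nics["Nas-San"], "8.8.8.8"))      # no gateway on this adapter
    # Constructed wrong-mask case: a /16 makes the other LAN look on-link.
    wrong = {"IPv4 Address": "192.168.25.25", "Subnet Mask": "255.255.0.0",
             "Default Gateway": "192.168.25.1"}
    print(next_hop(wrong, "192.168.26.18"))
```

The wrong-mask case returns `on-link`: the client ARPs for the far host itself, so a capture on the router's other interface shows nothing even though the gateway is set.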
-
@johnpoz
So where does LAN26 get its gateway set? The LAN adapter settings are the same between the laptops and the behavior follows the LAN connection. First lan26 with no gateway. Second lan25 with gateway.
Is the LAN26 adapter not sending out the information? It's a dual-LAN card, so the driver, etc should be the same.
-
@ofcoit said in interface cannot ping lan to opt5:
So where does LAN26 get its gateway set
I think you're asking how to set that on a PC on LAN26 but that's a confusing way to ask that...it sounds like you're trying to set a gateway on pfSense's LAN26 interface. There is no gateway set on the pfSense interface. If 192.168.26.1 is your pfSense (?) then since that's the DHCP server it should be providing itself as the gateway. On the DHCP Server tab for LAN26 the "Gateway" should be blank. Alternately you could give the PC a static IP/gateway.
With no gateway set, the PC has no idea where to send packets for 192.168.26.1. Or for the DNS server 192.168.10.229 for that matter.
-
@ofcoit so this is the same box??
Odd that you don't get a gateway.. Maybe because the box already has a gateway on its 25 interface? Did you set the gateway to none in the 26 dhcp settings?
But there is no possible way you're going to be able to talk to those 192.168.10.x dns server via that 192.168.26/24 address..
If that is the same box, trying to test is going to be problematic, because the box has an interface in both networks and wouldn't need or route anything to its gateway, it would just use the interface in that network to talk to something on that specific network.
-
-
I can't send what I want because it says it thinks it's SPAM - quite incorrectly.
LAN26 does not have a gateway, but LAN26 is configured to provide DHCP so it should be providing one. Both LAN25 and LAN26 have the ipv4 upstream gateway to None
-
@ofcoit Try again - I believe you were hitting a catch based on the age of your account.
-
@ofcoit and your rep points are now over 5.. so spam filtering should be more forgiving.
I don't think I have ever on a Windows machine, or any machine for that matter, ever tried pulling dhcp from 2 different networks on the same machine. That is not a good idea really to be honest, I sure hope you're just trying to do this for a test? Multi-homing can be very problematic and lead to asymmetrical routing, etc..
It could be windows saying hey I already have a default gateway, and not setting it on the other interface..
Both LAN25 and LAN26 have the ipv4 upstream gateway to None
But not in the dhcp server settings like I posted.. That should just be left blank and it would hand out its address as the gateway to dhcp clients.
You can run into issues like this.. Talking to a device that is multi-homed.
-
@rcoleman-netgate
Just for clarification, the DNS servers going to 192.168.10.x are for when the box is connected to the local domain. I don't have that connection hooked up, but when it is, those addresses will be viable.
My focus right now is why isn't the dhcp server on LAN26 providing a gateway for LAN26. And how to figure it out. I replaced the dual NIC card with two single NIC cards and got the same result, so it's not the hardware. What's more I think it was working last week because I could at least get to 25.1 and pfsense web UI from LAN26.
The configuration is like this:
WAN interface -- Built-in NIC of the i5 based computer.
LAN25 NIC - occupies one PCI-X slot
LAN26 NIC - occupies other PCI-X slot
pfSense is a virtual machine in the Windows server which is running in the i5 computer
The hypervisor has a configuration for connecting the NICs to the virtual machine and to whether the NIC is also shared with the Windows server itself.
One laptop is connected to LAN25 NIC via cable
Other laptop is connected to LAN26 NIC via cable.
The reason I'm doing this, and maybe something to re-think, is that I want to separate office traffic from video traffic. These separate LANs go to an Adtran intelligent switch where I've dedicated ports to each type of traffic.
An alternative would be to use VLANs. The requirement remains however, for the office network to be able to access the Video NAS for content. So at least LAN25 has to be able to access LAN26.
Would it be better to use a single NIC and VLANs instead of multiple NICs?