interface cannot ping lan to opt5
-
@ofcoit said in interface cannot ping lan to opt5:
25.25 to 25.250
Those would be in the same network and wouldn't go through pfsense. Is that a typo and one of those was suppose to be 26.x ?
You have some errors - see the little 2 with the bell up right corner, did your rules not load?
I see that 25 has a Default Gateway fe80::215.... and 26 does not have a default gateway.
if you don't have a IPv4 gateway, how would you get anywhere? Other then local network - maybe you have a dhcp issue, or just connectivity issue.
You say these are not vlans, and just physical - your not trying to run these connections over the same dumb switch are you?
-
@johnpoz
I appreciate you replying. To be clear let me go over what happens.- 25.25 laptop can successfully ping 25.1 and 25.250 (the server). I run the gui from a web browser on 25.25
- 25.25 pings 26.18 and gets: PING: transmit failed. General failure.
- 26.18 laptop pings 26.1 successfully
4 26.18 pings 25. and gets: PING: transmit failed. General failure. - Ping diagnostic in GUI to 26.18 fails
- Ping diagnostic in GUI to 25.250 succeeds.
How do I set up a ipv4 gateway for LAN26? Do I have to add a gateway in System/Routing/Gateways. I didn't have this set up last week and 26 could get to 25.1 and 25.250 but not today. Where does that gateway get set up?
-
@ofcoit said in interface cannot ping lan to opt5:
25.25 pings 26.18 and gets: PING: transmit failed. General failure.
that would be correct if you have no gateway..
So if I try and ping something on a different network with an interface that has no gateway. My 192.168.10.9 interface is a SAN connection only between my PC and NAS, so there are no gateways on these interfaces.
If I try and ping something off that network.
$ ping -S 192.168.10.9 8.8.8.8 Pinging 8.8.8.8 from 192.168.10.9 with 32 bytes of data: PING: transmit failed. General failure. PING: transmit failed. General failure. PING: transmit failed. General failure.Your interfaces on pfsense lan25 and lan26 should not have gateways set.. If you set a gateway on pfsense interface, then it considers it a "wan" interface - ie a connection that can be used to get to other networks.
But your clients need gateways.. that would point to pfsense IP on that network.
So for example.. Here is my pc.. on my lan..
$ ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : i9-win Primary Dns Suffix . . . . . . . : local.lan Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : local.lan Ethernet adapter Local: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.9.253 DNS Servers . . . . . . . . . . . : 192.168.3.10 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Nas-San: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek USB 2.5GbE Family Controller Physical Address. . . . . . . . . : A0-CE-C8-CC-57-DE DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.10.9(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : DisabledSo devices on your 25 network would point to pfsense 25.1 address, and devices on your 26 would point to pfsense 26.1 address as their gateway.
If your manually setting the IPs on your devices, you have to set a gateway if you want them to get to anything off their local network. If they are getting their IPs from dhcp, then that should auto hand out the gateway to the dhcp clients.
-
@johnpoz
So where does LAN26 get it's gateway set.? The LAN adapter settings are the same between the laptops and the behavior follows the LAN connection. First lan26 with no gateway
Second lan25 with gateway.
Is the LAN26 adapter not sending out the information? It's a dual-LAN card, so the driver, etc should be the same.
-
@ofcoit said in interface cannot ping lan to opt5:
So where does LAN26 get it's gateway set
I think you're asking how to set that on a PC on LAN26 but that's a confusing way to ask that...it sounds like you're trying to set a gateway on pfSense's LAN26 interface. There is no gateway set on the pfSense interface. If 192.168.26.1 is your pfSense (?) then since that's the DHCP server it should be providing itself as the gateway. On the DHCP Server tab for LAN26 the "Gateway" should be blank. Alternately you could give the PC a static IP/gateway.
With no gateway set, the PC has no idea where to send packets for 192.168.26.1. Or for the DNS server 192.168.10.229 for that matter.
-
@ofcoit so this is the same box??
Odd that you don't get an gateway.. Maybe because the box already a gateway on its 25 interface? Did you set the gateway to none in the 26 dhcp settings?
But there is no possible way your going to be able to talk to those 192.168.10.x dns server via that 192.168.26/24 address..
If that is the same box trying test is going to be problematic, because the box has an interface in both networks and wouldn't need or route anything to its gateway, it would just use the interface in that network to talk to something on that specific network.
-
-
I can't send what I want because it says it thinks it's SPAM - quite incorrectly.
LAN26 does not have a gateway, but LAN26 is configured to provide DHCP so it should be providing one. Both LAN25 and LAN26 have the ipv4 upstream gateway to None -
@ofcoit Try again - I believe you were hitting a catch based on the age of your account.
-
@ofcoit and your rep points are now over 5.. so spam filtering should be more forgiving.
I don't think I have ever on a windows machine, or any machine for that matter ever tried pulling dhcp from 2 different networks on the same machine. That is not a good idea really to be honest, I sure hope your just trying to do this for a test? Multi-homing can be very problematic and lead to asymmetrical routing, etc..
It could be windows saying hey I already have a default gateway, and not setting it on the other interface..
Both LAN25 and LAN26 have the ipv4 upstream gateway to None
But not in the dhcp server settings like I posted.. That should just be left blank and it would hand out its address as the gateway to dhcp clients.
You can run into issues like this.. Talking to a device that is multi-homed.
-
@rcoleman-netgate
Just for clarification, the DNS servers going to 192.168.10.x are for when the box is connected to the local domain. I don't have that connection hooked up, but when it is, those addresses will be viable.My focus right now is why isn't the dhcp server on LAN26 providing a gateway for LAN26. And how to figure it out. I replaced the dual NIC card with two single NIC cards and got the same result, so it's not the hardware. What's more I think it was working last week because I could at least get to 25.1 and pfsense web UI from LAN26.
The configuration is like this:
WAN interface -- Built-in NIC of the i5 based computer.
LAN25 NIC - occupies on PCI-X slot
LAN26 NIC - occupies other PCI-X slotpfSense is a virtual machine in the Windows server which is running in the i5 computer
The hypervisor has a configuration for connecting the NICs to the virtual machine and to whether the NIC is also shared with the Windows server itself.One laptop is connected to LAN25 NIC via cable
Other laptop is connected to LAN26 NIC via cable.The reason I'm doing this, and maybe something to re-think, is that I want to separate office traffic from video traffic. These separate LANs go to an Adtran intelligent switch where I've dedicated ports to each type of traffic.
An alternative would be to use VLANs. The requirement remains however, for the office network to be able to access the Video NAS for content. So at least LAN25 has to be able to access LAN26.
Would it be better to use a single NIC and VLANs instead of multiple NICs?
-
@ofcoit said in interface cannot ping lan to opt5:
I replaced the dual NIC card with two single NIC cards and got the same result
doesn't matter they are the same box...
Your saying NO client on the 26 network are getting a gateway.. Or just this one box that you have a leg in each network?
let me see if I do a test on a windows 10 machine, by adding another nic and setting them to be in different networks. Be back in a bit, have to find that other usb nic I have laying about.
edit: well it doesn't seem to be a windows thing with dhcp and only setting gateway on 1 interface.. I just set my now 2 interfaces to dhcp and they both have the gateway they should for those networks
-
@johnpoz Yours looks good. I run on each laptop and whichever one is connected to the LAN26 gets no gateway.
The main difference between LAN25 and LAN26 in pfSense is that LAN25 has for IPv6 Configuration Type "Track Interface" whereas LAN26 has None. Otherwise they are the same except the ip address.
The firewall rules are still as they were above. In services, both have Enable DHCP server on LANxx interface checked.
-
@ofcoit IPv6 would have nothing to do with not getting an IPv4 address and or gateway..
Odd.. hmm can you do a sniff of the dhcp traffic.. so we can see if client asks for the gateway, and if one is offered or not.
Simple way to do that would be on pfsense under diagnostics.. set it to only capture specific mac..
So for example you see from my killer interface posted its mac is b0:4f:13:0b:fd:16, so if I set a packet capture on pfsense interface that device is connected too under the host for that mac and the port 67, I will only capture dhcp stuff. Now you can do a
ipconfig /release
and then a
ipconfig /renew
And then open up the packet capture, or post the pcap here.. And you can see my client asks for the router in its dhcp discover, and its offered by pfsense in the dhcp offer.
-
@johnpoz
Well I returned to a check point where it was getting a gateway on LAN26, and voila, it's getting a gateway on LAN26 and can access pfSense at 25.1.If I recall properly one difference is in System/Routing, one of the default gateways was missing, specifically the WAN_DHCP for ipv4. Not 100% sure however.
But I still can't ping between the LANs.
-
@ofcoit if you have a gateway for IPv4 that points to pfsense 26.1 address, and you can ping 25.1 of pfsense, but can not ping other devices on the 25 network.
Then that screams firewall on the 25 device. Are you doing this test from that multihomed device?
Please stop using that for testing and use a device on the 25, and that is the only connection it has. And a device on the 26 network, and that is the only network connection it has..
If you can ping 25.1 from the 26 device but not devices on the 25 network, that again says firewall on the 25 device, or that 25 device is not using pfsense as its gateway.
-
@johnpoz
I disabled the firewall on both laptops.The configuration is as follows:\
Laptop1 -->8 port switch 1 --> LAN25 NIC inside server
Laptop2 -->8 port switch 2 --> LAN26NIC inside server
Disconnected --> WAN NIC built-in to server
Server runs pfSense as VM. pfSense has access to all 3 NICs
-
@ofcoit I can ping from pfSense to both laptops just fine. There's something blocking one laptop from sending to the other. But the firewall rules look OK. I've even added rules specifically to route 26net to 25 address and vice-versa.
-
@ofcoit I can think of:
No rule on the pfSense interface allowing ICMP.
Firewall on device not allowing ICMP from source subnet.
Missing gateway on either device.
Floating rule blocking ICMP.You might try a traceroute to see how far it gets.
-
@ofcoit The LAN25 gateway is an IPv6 address and the DHCP server is 25.1
The LAN26 gateway is 26.1 as is the DHCP server.
