interface cannot ping lan to opt5
-
@rcoleman-netgate
Just for clarification, the DNS servers going to 192.168.10.x are for when the box is connected to the local domain. I don't have that connection hooked up, but when it is, those addresses will be viable.My focus right now is why isn't the dhcp server on LAN26 providing a gateway for LAN26. And how to figure it out. I replaced the dual NIC card with two single NIC cards and got the same result, so it's not the hardware. What's more I think it was working last week because I could at least get to 25.1 and pfsense web UI from LAN26.
The configuration is like this:
WAN interface -- Built-in NIC of the i5 based computer.
LAN25 NIC - occupies on PCI-X slot
LAN26 NIC - occupies other PCI-X slotpfSense is a virtual machine in the Windows server which is running in the i5 computer
The hypervisor has a configuration for connecting the NICs to the virtual machine and to whether the NIC is also shared with the Windows server itself.One laptop is connected to LAN25 NIC via cable
Other laptop is connected to LAN26 NIC via cable.The reason I'm doing this, and maybe something to re-think, is that I want to separate office traffic from video traffic. These separate LANs go to an Adtran intelligent switch where I've dedicated ports to each type of traffic.
An alternative would be to use VLANs. The requirement remains however, for the office network to be able to access the Video NAS for content. So at least LAN25 has to be able to access LAN26.
Would it be better to use a single NIC and VLANs instead of multiple NICs?
-
@ofcoit said in interface cannot ping lan to opt5:
I replaced the dual NIC card with two single NIC cards and got the same result
doesn't matter they are the same box...
Your saying NO client on the 26 network are getting a gateway.. Or just this one box that you have a leg in each network?
let me see if I do a test on a windows 10 machine, by adding another nic and setting them to be in different networks. Be back in a bit, have to find that other usb nic I have laying about.
edit: well it doesn't seem to be a windows thing with dhcp and only setting gateway on 1 interface.. I just set my now 2 interfaces to dhcp and they both have the gateway they should for those networks
-
@johnpoz Yours looks good. I run on each laptop and whichever one is connected to the LAN26 gets no gateway.
The main difference between LAN25 and LAN26 in pfSense is that LAN25 has for IPv6 Configuration Type "Track Interface" whereas LAN26 has None. Otherwise they are the same except the ip address.
The firewall rules are still as they were above. In services, both have Enable DHCP server on LANxx interface checked.
-
@ofcoit IPv6 would have nothing to do with not getting an IPv4 address and or gateway..
Odd.. hmm can you do a sniff of the dhcp traffic.. so we can see if client asks for the gateway, and if one is offered or not.
Simple way to do that would be on pfsense under diagnostics.. set it to only capture specific mac..
So for example you see from my killer interface posted its mac is b0:4f:13:0b:fd:16, so if I set a packet capture on pfsense interface that device is connected too under the host for that mac and the port 67, I will only capture dhcp stuff. Now you can do a
ipconfig /release
and then a
ipconfig /renew
And then open up the packet capture, or post the pcap here.. And you can see my client asks for the router in its dhcp discover, and its offered by pfsense in the dhcp offer.
-
@johnpoz
Well I returned to a check point where it was getting a gateway on LAN26, and voila, it's getting a gateway on LAN26 and can access pfSense at 25.1.If I recall properly one difference is in System/Routing, one of the default gateways was missing, specifically the WAN_DHCP for ipv4. Not 100% sure however.
But I still can't ping between the LANs.
-
@ofcoit if you have a gateway for IPv4 that points to pfsense 26.1 address, and you can ping 25.1 of pfsense, but can not ping other devices on the 25 network.
Then that screams firewall on the 25 device. Are you doing this test from that multihomed device?
Please stop using that for testing and use a device on the 25, and that is the only connection it has. And a device on the 26 network, and that is the only network connection it has..
If you can ping 25.1 from the 26 device but not devices on the 25 network, that again says firewall on the 25 device, or that 25 device is not using pfsense as its gateway.
-
@johnpoz
I disabled the firewall on both laptops.The configuration is as follows:\
Laptop1 -->8 port switch 1 --> LAN25 NIC inside server
Laptop2 -->8 port switch 2 --> LAN26NIC inside server
Disconnected --> WAN NIC built-in to server
Server runs pfSense as VM. pfSense has access to all 3 NICs
-
@ofcoit I can ping from pfSense to both laptops just fine. There's something blocking one laptop from sending to the other. But the firewall rules look OK. I've even added rules specifically to route 26net to 25 address and vice-versa.
-
@ofcoit I can think of:
No rule on the pfSense interface allowing ICMP.
Firewall on device not allowing ICMP from source subnet.
Missing gateway on either device.
Floating rule blocking ICMP.You might try a traceroute to see how far it gets.
-
@ofcoit The LAN25 gateway is an IPv6 address and the DHCP server is 25.1
The LAN26 gateway is 26.1 as is the DHCP server. -
@ofcoit its not a pfsense rule
I would suggest you go over the sniffing and state tables I showed you how to look at..
If client on 26 is sending traffic for 25.x to pfsense, and the rules on 26 allow it, then it would send the traffic. If pfsense doesn't get an answer there is nothing pfsense can do about that..
get a constant ping going on your 26 device to a 25.x address - look in your state table for the source IP, do you see the state as you see in my above example with lan and dmz..
-
@johnpoz At this point we have it working. Two steps.
- Changed both laptops to use static addresses. We could then ping back and forth.
- Changed back to dhcp on both laptops and set 25.1 and 26.1 as the gateways in the Services/DHCP
-
@ofcoit said in interface cannot ping lan to opt5:
set 25.1 and 26.1 as the gateways in the Services/DHCP
that is the default, dhcp server would hand out the IP address of pfsense that your running dhcp server on.
-
@johnpoz I know it's the default but it wasn't working until we typed them in
-
@ofcoit Well you got something else wrong then.. Did you do the sniff like I asked? If you remove them does it still fail?
You can look at the actual conf file.
cat /var/dhcpd/etc/dhcpd.conf
This conf file is generated, if its not showing your interface IP in their for option routers then something is wrong. Did you maybe have a space or something in that field?
