interface cannot ping lan to opt5
-
@johnpoz
Well I returned to a check point where it was getting a gateway on LAN26, and voila, it's getting a gateway on LAN26 and can access pfSense at 25.1. If I recall properly one difference is in System/Routing, one of the default gateways was missing, specifically the WAN_DHCP for IPv4. Not 100% sure however.
But I still can't ping between the LANs.
-
@ofcoit if you have a gateway for IPv4 that points to pfsense 26.1 address, and you can ping 25.1 of pfsense, but can not ping other devices on the 25 network.
Then that screams firewall on the 25 device. Are you doing this test from that multihomed device?
Please stop using that for testing and use a device on the 25, and that is the only connection it has. And a device on the 26 network, and that is the only network connection it has..
If you can ping 25.1 from the 26 device but not devices on the 25 network, that again says firewall on the 25 device, or that 25 device is not using pfsense as its gateway.
-
@johnpoz
I disabled the firewall on both laptops. The configuration is as follows:
Laptop1 --> 8 port switch 1 --> LAN25 NIC inside server
Laptop2 --> 8 port switch 2 --> LAN26 NIC inside server
Disconnected --> WAN NIC built-in to server
Server runs pfSense as VM. pfSense has access to all 3 NICs
-
@ofcoit I can ping from pfSense to both laptops just fine. There's something blocking one laptop from sending to the other. But the firewall rules look OK. I've even added rules specifically to route 26net to 25 address and vice-versa.
-
@ofcoit I can think of:
No rule on the pfSense interface allowing ICMP.
Firewall on device not allowing ICMP from source subnet.
Missing gateway on either device.
Floating rule blocking ICMP.
You might try a traceroute to see how far it gets.
-
@ofcoit The LAN25 gateway is an IPv6 address and the DHCP server is 25.1
The LAN26 gateway is 26.1 as is the DHCP server.
-
@ofcoit it's not a pfSense rule
I would suggest you go over the sniffing and state tables I showed you how to look at..
If client on 26 is sending traffic for 25.x to pfsense, and the rules on 26 allow it, then it would send the traffic. If pfsense doesn't get an answer there is nothing pfsense can do about that..
get a constant ping going on your 26 device to a 25.x address - look in your state table for the source IP, do you see the state as you see in my above example with lan and dmz..
-
@johnpoz At this point we have it working. Two steps.
- Changed both laptops to use static addresses. We could then ping back and forth.
- Changed back to dhcp on both laptops and set 25.1 and 26.1 as the gateways in the Services/DHCP
-
@ofcoit said in interface cannot ping lan to opt5:
set 25.1 and 26.1 as the gateways in the Services/DHCP
that is the default, dhcp server would hand out the IP address of pfsense that you're running dhcp server on.
-
@johnpoz I know it's the default but it wasn't working until we typed them in
-
@ofcoit Well you got something else wrong then.. Did you do the sniff like I asked? If you remove them does it still fail?
You can look at the actual conf file.
cat /var/dhcpd/etc/dhcpd.conf
This conf file is generated, if it's not showing your interface IP in there for option routers then something is wrong. Did you maybe have a space or something in that field?
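
The check described in the last post, as an added example that is not part of the original thread: a shell function that reads a dhcpd.conf and reports, for each subnet, whether a subnet-level `option routers` line exists and lies inside that subnet. The function names and the 192.168.25.0/24 and 192.168.26.0/24 sample addresses are assumptions; the thread only gives the abbreviated 25.1 and 26.1.

```shell
# Added example: report the gateway ("option routers") dhcpd hands out per subnet.
# On pfSense:  check_routers /var/dhcpd/etc/dhcpd.conf
check_routers() {
    awk '
    # Network address of ip under mask, octet by octet (contiguous masks only).
    function net(ip, mask,    a, m, i, blk, out) {
        split(ip, a, "."); split(mask, m, ".")
        for (i = 1; i <= 4; i++) {
            blk = 256 - m[i]
            out = sprintf("%s%s%d", out, (i > 1 ? "." : ""), int(a[i] / blk) * blk)
        }
        return out
    }
    function report(    status) {
        if (router == "") status = "MISSING"
        else if (net(router, mask) != snet) status = "OUTSIDE"
        else status = "OK"
        printf "%s/%s routers=%s %s\n", snet, mask, (router == "" ? "-" : router), status
        if (status != "OK") bad = 1
    }
    $1 == "subnet" && $3 == "netmask" { snet = $2; mask = $4; router = ""; depth = 0; insub = 1; opened = 0 }
    # Only the subnet-level option counts, not one nested in a pool block.
    insub && depth == 1 && $1 == "option" && $2 == "routers" { router = $3; sub(/[,;].*/, "", router) }
    insub {
        line = $0
        depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
        if (depth > 0) opened = 1
        if (opened && depth == 0) { report(); insub = 0 }
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample (addresses assumed): LAN25 has no routers line, LAN26 does.
sample_conf() {
    cat <<'EOF'
subnet 192.168.25.0 netmask 255.255.255.0 {
    pool {
        range 192.168.25.100 192.168.25.199;
    }
    option domain-name-servers 192.168.25.1;
}
subnet 192.168.26.0 netmask 255.255.255.0 {
    option routers 192.168.26.1;
}
EOF
}

sample_conf | check_routers || echo "a subnet is not advertising a usable gateway"
```

A MISSING or OUTSIDE line means clients on that subnet get a lease without a usable default gateway, which matches the symptom of reaching pfSense but not the other LAN.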