Network unreachable
-
Hi,
Can't seem to be able to reach internet or other ips from an interface vlan (100), while everything works for LAN (VLAN10).
Firewall and Gateway/Routing should be ok, Outboud NAT also seems ok... What else should I look at? The device has the right gateway set.
Both pinging 8.8.8.8 and google,com give
ping: connect: Network is unreachableSo something is amiss...
-
@urbaman75 Check your logs. Status->System Log click on Firewall, look for your ICMP.
-
R rcoleman-netgate moved this topic from DHCP and DNS on
-
Hi,
Another quirk.
I am trying to ssh from LAN (vlan10) to management (vlan100).
In the firewall log I see
Jan 22 21:23:32 VLAN10 Default deny rule IPv4 (1000000103) 10.0.10.37:58066 10.0.100.11:22 TCP:PAAlready added the rule(s) (also directly from the Firewall log) to permit it, but the firewall still stops them:
VLAN10 Rules:
VLAN100 Rules:
-
Ok, first problem solved: the device did not have the default route, don't know why it did not apply it.
Second problem remains. trying to reach intervlan connections...
-
@urbaman75 I start with simple things... ping the IP from the other IP. If it fails... Check the logs.
-
I can ping, can also ssh to it for some seconds, then the connection is closed, with the aforementioned deny rule in the logs...
-
@urbaman75
Your rules are all screwed up.
The network attached to an interface is the only thing that can be a source on that interface.
So on vlan 10 you have a 10.152.183.1 address as source, with the vlan 10 as destination. It's on the vlan 10 interface, vlan 10 can't be a destination if you're already there!Same with vlan 100.
Read up on how rules are evaluated.
It'll explain why you have those 0/0's next to rules. -
@jarhead thank you, I properly setup routing, gateway and everything else.
Now I have a different problem but probably I'll make another dedicated post.
