OPT Network reachability issues
-
I have an ESXi server on which I have two networks on the same virtual switch.
One is the 10.0.0.0/24 network and the other 11.0.0.0/24 network.
I have set up PFS as a router and I am able to communicate between WAN and LAN perfectly.
But I have an issue with OPT which I have renamed as LAN2.
I can ping as follows:
- From WAN Network to OPT Network Port (11.0.0.1) - PASS
- From OPT Device 11.0.0.100 to WAN Network - PASS
- From OPT Device 11.0.0.100 to 11.0.0.1 - PASS
- From PFS console to 11.0.0.100 - PASS
I cannot ping from:
- From WAN to OPT Device 11.0.0.100 - FAIL
Not sure what I have got wrong. I cannot see anything in the logs either that shows a block for ICMP at all.
I have also tried adding an Allow All rule from WAN NET to OPT NET. But this also does not work. I would really appreciate some guidance.
WAN Rules
LAN Rules
OPT Rules
-
not enough info to provide much feedback.
what is clear: you are using an invalid subnet on what i can only presume is a private network.
https://en.wikipedia.org/wiki/Private_network
also:
I have an ESXi server on which I have two networks on the same virtual switch. One is the 10.0.0.0/24 network and the other 11.0.0.0/24 network.
running multiple subnets on a single Layer 2 is very bad practice
-
Hi
I have the lab isolated hence the 11 network.
I have changed this to 172.16.0.0/24 now.
The results are the same.
My vSwitch on ESX is shown in the diagram below.
I realize I should have 2 NICS but I do not at the moment. This is only a lab network where I am testing some VMs.
The issue must be something to do with rules, as I can get PFS CONSOLE > OPT. And, also OPT > WAN-NET works fine.
I have tried adding inbound on the OPT network, and also on the WAN side to try, but it does not work. A pointer on this would be nice to receive.
Jay
-
I have sorted this .. thanks to all.
-
@JayS-0 said in OPT Network reachability issues:
I have sorted this .. thanks to all.
How so? Did you set up VLANs and let pfSense see the tags by setting the VLAN ID in ESXi to 4095? Did you set up port groups on your switch to isolate the VLANs?
It's not really good practice, nor do you actually isolate anything, just running multiple layer 3 over the same layer 2. You should isolate them physically or with VLANs.
As to "just a lab, so just use any ole IP range you want" - while sure, you can technically do that, it's good common practice to use proper RFC 1918 space. Not like you don't have enough to play with; there is really little reason to use some public IP space that is not assigned to you specifically, etc.