ping problem with pfsense, need to reboot each time a NIC restarts
-
Hello !
Im using PFSense 2.6.0 on VMWare, I use it as a virtual router that has a LAN interface for my VMs (192.10.0.0/24) and a WAN interface for internet (uses DHCP). I also disabled DNS on LAN interface.
For some reason, each time I reboot a host or reboot a Network Interface Card, PFSense LAN interface and the host can't ping anymore (tested with windows and debian hosts)
But if I reboot PFsense, the ping works again from both sides. Then if I reboot my NIC or the host afterwards, ping doesnt work again.... Until I restart pfsense
Do you guys have an idea about something I could try ? I tried disabling the firewall in the web interface, nothing changed.
I also tried packet capture with any protocol but nothing happens when I send the ping, no packets..Thanks, regards
-
What exactly do you mean by 'reboot the NIC'?
Check the routing tables. Check the ARP tables.
What error is shown when you try to ping? Both ways?
Steve
-
@imomushi said in ping problem with pfsense, need to reboot each time a NIC restarts:
reboot a Network Interface Card
Sounds as if it's turbo powered...
-
on my debian host, nothing happens and if I cancel the ping it displays the nuber of failed requests (pfsens cant ping at this point as well)
then I reboot my pfsense host
and now the ping works from both sides
Problem seems to be, if a host network card is powered AFTER pfsense, a ping won't work
-
So by 'rebooting the NIC' you mean just rebooting the host?
Is the NIC passed through to the pfSense VM?
Check the ARP and route tables.
-
ARP table :
the mac address for 192.10.0.6 is correct, but the ping stops working if I restart debian host
here is route table
-
The Debian test client is another VM in VMWare?
When it fails is it still current in the pfSense ARP table?
Is the pfSense LAN address in Debia's ARP table?Run a packet capture on LAN when you are trying to ping from Debian. Do you see the packets arriving?
-
@stephenw10 said in ping problem with pfsense, need to reboot each time a NIC restarts:
re on LAN when you are trying to ping from Debian. Do you see the packets a
ok so I capture packets when it's working and I get something in the capture as you can see in the screenshot just below
Then I used ifdown/ifup command on my debian VM..
with ICMP only I get nothing
I do get the ping request coming from pfsense but no response from the debian. for this capture I selected all packets related to the debian host, 192.10.0.15
-
ok the problem has been spotted. When I reboot a VM, the MAC address of pfsense changes (same wrong value for both VMs)
-
Ok, that's why I said to check the ARP tables.
What is that bad MAC? Some other device using the pfSense IP address?
I would expect to see warnings in the pfSense system log if there was an IP conflict. Unless it never sees the ARP responses for some reason.
-
@stephenw10
I checked my arp table on physical host and pfsense, but the bad mac address doesnt exist.Im trying to get rid of arp cache on my vm hosts using arp -d [destination IP] but it comes back again
-
It's also a VMWare MAC address. Is it setup to offer DHCP itself?
-
Yes it is. And I disabled vmware virtual network local dhcp
ANd it works. Thank you for your patience ! You really helped me out on this, have a nice day/night
