Can only ping one way
-
I created a thread about this in L2/Switching/VLANs but now I'm wondering if it's a DNS problem.
Basically computers on igc1 (LAN 192.168.1.0/24) can ping my Ubuntu Server on igc3 (192.168.3.0/30), but the Server can't ping them.
I set 192.168.3.2 as the Server static IP by editing the .yaml file on the Ubuntu server, and gave its igc3 gateway as one of the name servers 192.168.3.1, but I'm wondering if that is the problem? Should I instead use the LAN gateway IP as the name server? (192.168.1.1)
```yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    eno1:
      addresses:
      - 192.168.3.2/30
      nameservers:
        addresses:
        - 192.168.3.1
        - 1.1.1.1
        - 1.0.0.1
        - 8.8.8.8
        - 8.8.4.4
        search: []
      routes:
      - to: default
        via: 192.168.3.1
    enp3s0:
      dhcp4: true
  version: 2
```
I just don't get why I can ping to the server, but not from server back to LAN?
-
@1-21Gigawatts said in Can only ping one way:
> Basically computers on igc1 (LAN 192.168.1.0/24) can ping my Ubuntu Server on igc3 (192.168.3.0/30), but the Server can't ping them.

Normally computers block access from outside of their own subnet by default.
So if you didn't allow this access in their firewall, that is expected.

> I set 192.168.3.2 as the Server static IP by editing the .yaml file on the Ubuntu server, and gave its igc3 gateway as one of the name servers 192.168.3.1, but I'm wondering if that is the problem? Should I instead use the LAN gateway IP as the name server? (192.168.1.1)

Pinging an IP address does not need DNS. So this won't be a reason here.
Apart from that you can specify any address of pfSense as DNS, as long as the client is allowed to access it by firewall rules and has a proper route.
-
All sorted.
Not sure why it caused a problem, but specifying the gateway WANgroup I created in the server firewall rules was the cause of this. When I set the gateway in the firewall rule back to default, it worked (even though under System/Routing/Gateways that same WANgroup is set as default).
-
@1-21Gigawatts
This is policy routing then. Such rules direct all matching traffic to the stated gateway. Hence it is not convenient to allow access to internal destinations. If you want to do policy routing you have to create separate rules for destinations inside your network.
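
The effect described in this thread, as an added example that is not from any of the posters and is not pfSense code: a simplified model of first-match rule evaluation on the server's interface, showing why a pass rule with a gateway set sends LAN-bound traffic to that gateway and how a separate rule for internal destinations above it restores the return path. The function names, the rule dictionaries and the host 192.168.1.10 are constructed for illustration.

```python
import ipaddress

# Constructed model: gateway=None means "use the routing table"; a named
# gateway forces every matching packet out through it (policy routing).
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("192.168.3.0/30")]

def matches(rule, dst):
    """True if the rule's destination covers dst ('any' or a list of CIDRs)."""
    if rule["dst"] == "any":
        return True
    return any(dst in ipaddress.ip_network(n) for n in rule["dst"])

def next_hop(rules, dst_ip):
    """Return where the first matching pass rule sends the packet."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if matches(rule, dst):
            if rule["gateway"] is not None:
                return rule["gateway"]      # forced; routing table is ignored
            # gateway left at default: normal routing table lookup
            if any(dst in net for net in LOCAL_NETS):
                return "directly connected"
            return "default route"
    return "blocked"                        # no pass rule matched

# Rule set as described in the thread: one pass rule with WANgroup as gateway.
policy_only = [{"dst": "any", "gateway": "WANgroup"}]

# Policy routing kept, with a separate rule for internal destinations above it.
with_internal_rule = [
    {"dst": ["192.168.1.0/24"], "gateway": None},
    {"dst": "any", "gateway": "WANgroup"},
]

if __name__ == "__main__":
    for name, rules in (("policy_only", policy_only),
                        ("with_internal_rule", with_internal_rule)):
        for dst in ("192.168.1.10", "1.1.1.1"):
            print(f"{name:20} {dst:14} -> {next_hop(rules, dst)}")
```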