Unable to ping across interfaces
-
Hi all, I have a simple question here that I'm struggling with. Thanks in advance for looking and helping me learn what's going on.
I have a UFiber Nano G plugged directly into IGB1. It's got a static IP of 192.168.2.200 and IGB1 is assigned to OPT5 with a static IP of 192.168.2.1.
I'm able to ping the Ufiber from PFSENSE, but despite my best efforts with trial and error on the LAN firewall rules, my client on LAN cannot ping it.
Appreciate any insights you can offer.
-
-
@oldgeezy that seems to point to what you're pinging either sending its answer to somewhere else, or not having a gateway (pfsense) to be able to send the answer. Or its mask is wrong, say a /16 vs a /24, and it thinks 1.20 is on its own network, so it doesn't send the answer back to pfsense to get back to 1.20.
Or it has a firewall that says hey.. That guy pinging me is not on my local network (not allowed via my firewall).. So not going to answer him.
You list that 2.200 box is a static IP? Did you set its gateway to pfsense IP on that opt5 network? Did you set the mask correctly?
-
@johnpoz Thanks very much for your response.
"Did you set its gateway to pfsense IP on that opt5 network? Did you set the mask correctly?"
I tried all manner and sorts of things. Never was able to get it to respond to a ping while in bridge mode. I think I had the netmask set correctly and I tried a few different gateway setups. I might have had a valid setup at some point and just not realized it because I didn't toggle the interface or some other gotcha...
The good news is, I was able to make the end goal work through sheer brute force autistic trial and error. I had been wanting to work a few things out before trying to cut-over. Last time was a disaster with low WAF.
I had to rewrite the SN to match my mega-tel shitbox. The password I needed was available from their router web UI. The instructions here were key:
https://github.com/palmerc/AESCrypt2?tab=readme-ov-file
I'm happy that it's working, but I'm not sure if I'm actually avoiding double-NAT or not. Being in "router-mode" feels wrong to me, as my goal was to cut out the ISP router.
In any case, I'm able to access the webUI from pfSense LAN now, which is great. Maybe at some point I'll see if I can get bridge mode to work. I think that partly depends on things going on on the fiber side, which is way over my head.
Thanks again - just thinking through your response helped me organize my thoughts and work through it.
-
Do you also see an outbound state on OPT5? If not you may have a routing conflict.
If you do, then the GPON device probably has no route back to 192.168.1.X, so it's sending replies out via its WAN connection. Which I assume is the GPON.
-
@stephenw10 said in Unable to ping across interfaces:
"If you do, then the GPON device probably has no route back to 192.168.1.X so"
Yup, should have added that to my list of possible reasons you can ping from pfsense IP on the opt5 network, but not some other network..
Should have added to my first post.. But one workaround for pretty much all the reasons when you can ping the device from an IP on its network (ie pfsense) but not other devices on your other networks is to source nat, or outbound nat on your opt5 interface.. So when you talk to the 2.200 IP from your 192.168.1.x network it thinks the traffic is coming from pfsense 2.1 address.
-
Oops, had the page open overnight and missed all the replies.
-
@stephenw10 hahah, but it's good... I believe this comment could be considered as covering the no route problem, or wrong route
"what you're pinging either sending its answer to somewhere else"
But I like the clarity of making sure route is there to send it to back to pfsense.. Will keep that in mind for next thread we get about such an issue. Which I know there will be, since it is a common question to be honest ;)
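
The causes raised in this thread (wrong mask, missing or wrong gateway, and the outbound NAT workaround), modelled as an added example that is not part of any post above. The function names are hypothetical, the client address 192.168.1.20 is assumed from the "1.20" in the replies, and 192.168.2.254 is a constructed "wrong gateway" value.

```python
import ipaddress

ROUTER = "192.168.2.1"    # pfSense OPT5 address (from the thread)
DEVICE = "192.168.2.200"  # UFiber address (from the thread)
CLIENT = "192.168.1.20"   # LAN client; assumed from "1.20" in the replies
SEGMENT = ipaddress.ip_network("192.168.2.0/24")  # what is really on OPT5


def reply_path(dev_ip, prefix_len, gateway, src_ip):
    """Where a host with this IP config sends its echo reply for src_ip."""
    net = ipaddress.ip_interface(f"{dev_ip}/{prefix_len}").network
    if ipaddress.ip_address(src_ip) in net:
        return "on-link"          # it ARPs for src_ip on its own segment
    if gateway is None or ipaddress.ip_address(gateway) not in net:
        return "no-route"         # nothing usable to hand the reply to
    return f"via {gateway}"


def reply_returns(prefix_len, gateway, src_ip=CLIENT, outbound_nat=False):
    """True if the echo reply gets back to whoever sent the ping."""
    # With outbound NAT on OPT5 the device sees pfSense's address as source.
    seen = ROUTER if outbound_nat else src_ip
    path = reply_path(DEVICE, prefix_len, gateway, seen)
    if ipaddress.ip_address(seen) in SEGMENT:
        return path == "on-link"      # the source really is on the segment
    return path == f"via {ROUTER}"    # off-segment source must go via pfSense


if __name__ == "__main__":
    cases = [
        ("correct /24, gateway = pfSense", dict(prefix_len=24, gateway=ROUTER)),
        ("no gateway set", dict(prefix_len=24, gateway=None)),
        ("mask /16 instead of /24", dict(prefix_len=16, gateway=ROUTER)),
        ("gateway points elsewhere", dict(prefix_len=24, gateway="192.168.2.254")),
        ("ping from pfSense itself", dict(prefix_len=24, gateway=None, src_ip=ROUTER)),
        ("no gateway + outbound NAT", dict(prefix_len=24, gateway=None, outbound_nat=True)),
    ]
    for label, kw in cases:
        print(f"{label:32} -> {'reply returns' if reply_returns(**kw) else 'no reply'}")
```
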