Netgate Discussion Forum

    Strange behaviour with pfSense and 4G

    Routing and Multi WAN
    • dvb

      Hello,

      I am testing a configuration in a homelab environment using Proxmox PVE + pfSense.

      1. Main points

      • pfSense is behind an ISP's box, on a Proxmox VM.
      • The ISP's box redirects all traffic -> pfSense WAN (using DMZ)
      • PVE has a single NIC.
      • Traffic separation is done via VLANs:
        -> Internet is on vlan600
        -> Proxmox is on vlan444
        -> printer is on vlan30

      2. From vlans -> Internet
      ->Everything is normal.

      3. From Internet -> vlans using external wired connection
      -> I can't ping anything, it's OK.

      4. From Internet -> vlans using a 4G Android mobile at home and the Termux app
      -> I can ping devices like printer, PVE1, etc...
      -> I double checked, my phone was on 4G mode (Wi-Fi off).

      I don't understand:

      • How a non-routable address like 172.16.30.100 can be pinged through the Internet without a VPN.
      • 4G ping is coming from fiber ISP, then ping should be KO like a ping from another external box.

      Did I miss something?
      Could you please help me explain and correct this behavior?

      Thanks!

      • Gblenn @dvb

        @dvb said in Strange behaviour with pfSense and 4G:

        There is no way any outside IP can ping your local devices, either through your ISP router or pfsense. Your mobile ISP would have no clue where to route such a request...

        I think there is only one explanation... that the phone is actually connected to the 172.16.10.1/24 network.
        Either you have some VPN/Tailscale running which can connect it to your LAN. Or it is in fact actually on wifi although you think it's off.

        Or perhaps another explanation is that the mobile ISP is using 172.16.NN subnet for their mobile clients and you are pinging someone else's phone or tablet... Check your IP on the phone...

        • dvb @Gblenn

          @Gblenn said in Strange behaviour with pfSense and 4G:

          There is no way any outside IP can ping your local devices, either through your ISP router or pfsense. Your mobile ISP would have no clue where to route such a request...

          I agree with you, because these are non-routable IP addresses.

          I think there is only one explanation... that the phone is actually connected to the 172.16.10.1/24 network.
          Either you have some VPN/Tailscale running which can connect it to your LAN. Or it is in fact actually on wifi although you think it's off.

          Even though I didn't detect anything, this seems the most logical.

          Or perhaps another explanation is that the mobile ISP is using 172.16.NN subnet for their mobile clients and you are pinging someone else's phone or tablet... Check your IP on the phone...

          This hypothesis is not possible because I could ping only my devices. And I just checked again, my phone IP is on a different range: 92.184.x.y

          I didn't indicate it, because I uninstalled the server in the meantime, but I did some tests with OpenVPN. Even if it seems impossible to me, it gives the impression of a persistence of the tunnel.

          Anyway, I just checked and everything is back to normal.

          Thank you for looking into this situation!

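The explanations discussed in the thread (VPN tunnel still up, Wi-Fi still on, carrier handing out 172.16.x addresses) can be told apart on the phone by checking which interface and source address the route lookup selects for the private target. The shell functions below are an added example, not part of the original thread; the interface-name prefixes and the sample `ip route get` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the route line printed by `ip route get <target>`.
# Interface-name prefixes are assumptions about common Android/Linux naming.

# Succeeds if $1 lies inside 172.16.0.0/12 (second octet 16..31).
in_172_16_12() {
    case "$1" in 172.*.*.*) ;; *) return 1 ;; esac
    o2=${1#172.}; o2=${o2%%.*}
    case "$o2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]
}

# Print the word that follows keyword $1 ("dev", "src") in route line $2.
field_after() {
    key=$1
    set -- $2            # split the route line into words
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "$key" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# Map one route line to one of the explanations discussed in the thread.
classify_route() {
    dev=$(field_after dev "$1") || dev=""
    src=$(field_after src "$1") || src=""
    case "$dev" in
        tun*|tap*|wg*|ppp*) echo "vpn-tunnel" ;;      # a VPN is still up
        wlan*)              echo "wifi" ;;            # Wi-Fi is not really off
        rmnet*|ccmni*)                                # cellular data interface
            if in_172_16_12 "$src"; then echo "carrier-uses-172.16"
            else echo "cellular-no-private-route"; fi ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample lines (not captured from the thread).
SAMPLE_VPN='172.16.30.100 dev tun0 table 1042 src 10.8.0.6 uid 10234'
SAMPLE_CELL='172.16.30.100 via 10.64.0.1 dev rmnet_data0 src 10.64.12.7 uid 10234'
SAMPLE_CGN='172.16.30.100 dev rmnet_data0 src 172.16.30.57 uid 10234'
for s in "$SAMPLE_VPN" "$SAMPLE_CELL" "$SAMPLE_CGN"; do
    printf '%s\n  -> %s\n' "$s" "$(classify_route "$s")"
done
# Live use on the phone:
#   classify_route "$(ip route get 172.16.30.100 | head -n 1)"
```

A `vpn-tunnel` result while no VPN app appears connected points at a leftover tunnel and its pushed routes rather than at the pfSense WAN rules.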