Ping problems between interfaces [SOLVED]
-
Here's my setup.
wan - 192.168.1.108 (dhcp) usb wifi connected to another ap
lan - 192.168.2.100 (static) lan port
opt1 - 192.168.3.1 (static with dhcp enabled). opt1 is the internal wifi card set up as an access point.
What I can do is ping the wan ip from both lan and opt1 from the ping command in the pfsense diagnostics dropdown.
I can also ping 192.168.3.1 from my laptop connected to opt1.
What I can't do is ping the wan ip from my laptop (192.168.3.1).
Under the firewall rules I have one rule for each of them that allows all traffic from any protocol to/from any source and to/from any destination. My firewall log shows nothing along the lines of blocking the pings.
-
Did you really mean that you're using 192.168.3.1 for both the laptop and pfSense?
Did you create any rules on the OPT1 interface allowing access to the WAN?
-
The laptop is 192.168.3.2 and it's connected to opt1 which is 192.168.3.1 if that clears things up. Here is an image of my opt1 rules.
-
My first guess - wrong subnet mask on one or more interfaces? If any of those 192.168. networks have a /16 mask you'll have issues, exactly what depending on where that /16 mask is.
-
Good idea but they are all 255.255.255.0 /24.
-
I am having exactly the same problem - with a very similar setup except no Opt1.
I noticed that your WAN IP is in a private network IP range. Look at the bottom of the WAN setup page (from memory) and there is a check box to block private IP WANs.
You might uncheck the box and see what happens. Didn't make any difference for me, so I will be interested if it solves your problem.
Please post back if you find the problem!
-
Block private networks only applies to traffic initiated on WAN; it wouldn't impact this. Check the state table while you have a constant ping going. If the traffic is getting to the firewall and getting passed, as it would be with that rule, it'll have a state table entry. If there isn't one and you don't have a block in your firewall log, then verify with packet capture that it's not entering that interface and then troubleshoot the host (missing default gateway, wrong IP/mask, etc.).
-
Ok, thanks for the replies. I'll get started on what you mentioned, cmb. Do I need to have a gateway between lan to wan and opt1 to wan? I'm grasping at straws here.
What blows my mind is that if I'm connected to my pc I can ping 192.168.2.100 which is the pfbox, but I can't ping 192.168.1.108! There is something inside of pfsense that is simply not routing the traffic.
Edit:
I'm not sure what I'm looking for in the state table.
I did a capture on the lan interface and set 192.168.2.10 as the host. It captured the ping packets.
I repeated this process with the wan interface and not one entry was captured.
There isn't a firewall log for blocking pings, but the firewall is blocking a few things here and there mostly from public ips. This is odd because I have the rules set wide open on all interfaces.
As far as I know the host is good.. I can ping 192.168.2.100.
-
Got it. Thanks for the suggestions cmb :). It was the default gateway that my dhcp server on the opt1 was handing out. I had it set to 192.168.1.108 for some reason. Brain fart I guess.
Maybe this will help you too Snowman58.
Time to start playing with cloning the wireless :).
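-
Added example, not part of the original thread or of pfSense: a small Python check for the two misconfigurations discussed above, an interface mask that makes subnets overlap and a DHCP scope that hands out a gateway outside the subnet it serves. The addresses are the ones quoted in the thread; the `INTERFACES` and `DHCP_GATEWAYS` dictionaries and both function names are hypothetical, and treating the firewall's own address as the expected gateway is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses quoted in the thread (all /24).
INTERFACES = {
    "wan": "192.168.1.108/24",
    "lan": "192.168.2.100/24",
    "opt1": "192.168.3.1/24",
}
# Hypothetical structure: interface -> default gateway its DHCP scope hands out.
DHCP_GATEWAYS = {"opt1": "192.168.1.108"}


def overlapping_subnets(interfaces):
    """Return pairs of interfaces whose networks overlap (e.g. a stray /16)."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    return [
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    ]


def bad_dhcp_gateways(interfaces, dhcp_gateways):
    """Return (interface, gateway, reason) for gateways clients cannot use."""
    findings = []
    for name, gw in sorted(dhcp_gateways.items()):
        iface = ipaddress.ip_interface(interfaces[name])
        net, gateway = iface.network, ipaddress.ip_address(gw)
        if gateway not in net:
            # Clients cannot ARP for a next hop outside their own subnet.
            findings.append((name, gw, f"off-link for {net}"))
        elif gateway in (net.network_address, net.broadcast_address):
            findings.append((name, gw, "network or broadcast address"))
        elif gateway != iface.ip:
            # Assumption: the firewall itself is the intended router.
            findings.append((name, gw, f"on-link but not the firewall ({iface.ip})"))
    return findings


if __name__ == "__main__":
    for pair in overlapping_subnets(INTERFACES):
        print("overlap:", pair)
    for finding in bad_dhcp_gateways(INTERFACES, DHCP_GATEWAYS):
        print("dhcp gateway:", finding)
```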