No Internet access to LAN2
-
Hey guys…
I'm quite new to pfSense but have figured out most of the things.
Currently using a DL360 G4 with 4GB of RAM with dual 3.6GHz Xeons.
pfSense is run off dual 72.8GB U320 SCSI drives in RAID 1+0.
Added an HP NC7170 (dual gigabit network card, Intel chipset) for the server running LAGG.
I have set up LACP on both the server (using HP Network Utility) and the pfSense box and set a static IP.
Now...
I don't have any internet access from my server.
I did set up a rule to allow traffic in and out from there.
Any ideas?
-
BTW…
LAN1 has access...
Have a DLink DIR-825 router running DD-WRT in Wireless AP and I have access to the net without any problems
-
I don't have any internet access from my server.
I did setup a rule to allow traffic in and out from there
The server is on pfSense LAN interface or OPT interface?
What access have you attempted (ping? web page? …) and what was reported when you attempted it?
On which interface did you setup the rule? And what rule did you use? Did you reset firewall states after defining the rule (see Diagnostics -> States and click on the Reset States tab)?
Do you see your access attempts in the firewall log (see Status -> System Logs, click on Firewall tab)?
-
The server is on pfSense LAN interface or OPT interface?
It was an OPT renamed to LAN2
What access have you attempted (ping? web page? …) and what was reported when you attempted it?
Ping came up to 100% loss when pinging the server, Webpages don't load at all ( Try at least a few dozen )
On which interface did you setup the rule? And what rule did you use? Did you reset firewall states after defining the rule (see Diagnostics -> States and click on the Reset States tab)?
Rule was set up on the LAN2 interface to allow all inbound and outbound traffic to WAN
Do you see your access attempts in the firewall log (see Status -> System Logs, click on Firewall tab)?
Haven't checked yet but I will now…
LAN2 interface (lagg0)
Status up
MAC address 00:11:0a:54:5f:c4
IPv4 address 192...*
Subnet mask IPv4 255...*
IPv6 Link Local fe80::211:aff:fe54:5fc4
Media autoselect
LAGG Protocol lacp
LAGG Ports em1 flags=1c <active,collecting,distributing>
em0 flags=18 <collecting,distributing>
In/out packets 1500/1494 (302 KB/368 bytes)
In/out packets (pass) 1500/11 (302 KB/368 bytes)
In/out packets (block) 812/0 (99 KB/0 bytes)
In/out errors 0/10
Collisions 0
-
On which interface did you setup the rule? And what rule did you use? Did you reset firewall states after defining the rule (see Diagnostics -> States and click on the Reset States tab)?
Rule was set up on the LAN2 interface to allow all inbound and outbound traffic to WAN
Not sure what you mean by "to WAN" - you specified the destination IP address in the firewall rule as WAN IP address or WAN subnet? You probably want something like any as the destination IP address in the firewall rule (at least for testing). A web access to (for example) http://www.google.com is unlikely to have the WAN subnet or WAN IP address as its destination IP address. If you need to tweak the firewall rule don't forget to reset states.
-
hmmm…..
Apr 24 01:24:58 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:25:36 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:25:36 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:26:34 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
-
Apr 24 01:24:58 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
It looks like you have two separate interfaces (lagg0 and bge1) in the same subnet (192.168.0.0/24). This is an invalid configuration. You should move one of them to a different subnet (for example, 192.168.2.0/24).
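The conflict diagnosed in the reply above, as an added example that is not part of the original post: it reads `routed` "is duplicated by" lines and reports interface pairs whose subnets overlap, including the case of differing prefix lengths. The sample log is constructed in the format quoted in the thread, and the `.25` host address used after the move is an assumption.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample in the format of the routed messages quoted in the thread.
SAMPLE_LOG = """\
Apr 24 01:24:58 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:25:36 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
"""

DUP_RE = re.compile(
    r"routed\[\d+\]: (\S+) \(([0-9a-fA-F.:/]+)\) is duplicated by (\S+) \(([0-9a-fA-F.:/]+)\)"
)


def interfaces_from_log(log_text):
    """Collect {ifname: ip_interface} from 'is duplicated by' lines (repeats collapse)."""
    found = {}
    for m in DUP_RE.finditer(log_text):
        found[m.group(1)] = ipaddress.ip_interface(m.group(2))
        found[m.group(3)] = ipaddress.ip_interface(m.group(4))
    return found


def subnet_conflicts(interfaces):
    """Return (if_a, if_b, net_a, net_b) for every pair whose networks overlap.

    overlaps() also catches differing prefix lengths, e.g. a /16 that
    contains another interface's /24, not just identical subnets.
    """
    conflicts = []
    ordered = sorted(interfaces.items(), key=lambda kv: kv[0])
    for (a, ia), (b, ib) in combinations(ordered, 2):
        if ia.version == ib.version and ia.network.overlaps(ib.network):
            conflicts.append((a, b, str(ia.network), str(ib.network)))
    return conflicts


if __name__ == "__main__":
    current = interfaces_from_log(SAMPLE_LOG)
    print("as logged: ", subnet_conflicts(current))
    # Change proposed in the reply: move one interface to 192.168.2.0/24.
    # The host part (.25) is an assumption carried over from the logged address.
    proposed = dict(current, lagg0=ipaddress.ip_interface("192.168.2.25/24"))
    print("after move:", subnet_conflicts(proposed))
```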
-
Gotcha…
Also I'm looking to move to private IP address rather than public.
Also wondering if IPv6 tunnel can allow me to watch Hulu or similar services that are restricted since the tunnels are into the US
-
OK…
Changed the Static IP to 10.50.100.X/24 now I can ping the address, but still no internet access.
Rule is set on LAN2 to allow all incoming and outgoing to any.
Also added the IP to the route table to route to the WAN
However...
I can still ping it, but have to check in depth and see if there's anything I missed
-
Hey guys…
still not working !!!
I need this taken care of ASAP
-
Changed the Static IP to 10.50.100.X/24 now i can ping the address, but still no internet access.
Which static IP address? Ping from where? To where?
"Still no internet access" means what: An attempt to access the server from the internet reports "no route to host"? "timeout"? "unknown host"? or stalls with nothing showing after (say) 5 minutes? Or do you mean an attempt to access a public internet site from the server on LAN2 fails reporting "unknown host"? "no route to host"? "timeout"?
If you need this resolved ASAP then you should help readers of this thread help you by providing details of what you are attempting and what is reported. The more we, the readers, have to guess the details the more likely it is we will make incorrect guesses which will delay coming to the solution. Example detailed report: On the server whose IP address is x.x.x.x and connected to pfSense LAN2 interface whose IP address is y.y.y.y a ping to the pfSense LAN2 interface IP address gets a ping response but on an attempt by a browser to access web site … the browser reports ...
-
A diagram and some screen shots of your firewall rules, port forwards and lagg setup would probably help a lot.
Steve
-
I will do that later on tonight when I get home…
I've been away for work and need to get the website up and running ASAP so it can generate some revenue
-
Hey guys…
Back at it again...
Was out of the country due to death in the family and now I'm back!!!
Today I did the following:
- Changed IP address on both the server and my PF box
- Able to ping server from PF box as seen below from the ping stat
PING 192.168.x.x from 68.150.x.x: 56 data bytes
64 bytes from 192.168.x.x: icmp_seq=0 ttl=64 time=0.131 ms
64 bytes from 192.168.x.x: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 192.168.x.x: icmp_seq=2 ttl=64 time=0.051 ms
--- 192.168.x.x ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.051/0.080/0.131/0.036 ms
Server still not visible on LAN 1 nor has WAN access...
No NAT rules or bridges have been set up
-
Sorry about that. :(
Reading back through this thread it looks like we never resolved what the firewall rule you put in place is.
Please post a screen shot (or copy and paste) of your LAN2 firewall rules.
Also just to confirm you have LAN2 assigned to lagg0?
Steve
-
Rules for LAN1 are the same for LAN2…
Allow all and any traffic from WAN to LAN2 and from LAN1 to LAN2 and vice versa
-
Rules for LAN1 are the same for LAN2…
Allow all and any traffic from WAN to LAN2 and From LAN1 to LAN2 and vice versa
These two statements do not agree unless you have changed the default LAN rule dramatically!
The rule I expect to see on LAN2 would be:
Protocol: any
Source: LAN2 net, port any
Destination: any, port any
Gateway any
The firewall rules on an interface apply to traffic entering that interface. Therefore you need to allow traffic entering the LAN2 interface from the other end of the LAGG.
Steve
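The two points made in the replies above (a destination limited to the WAN subnet or WAN address does not cover a public web site, and rules are checked on the interface the traffic enters), as an added example that is not part of the original posts. It is a toy first-match evaluator, not pfSense code; the WAN subnet, server and web-site addresses are constructed placeholders, and LAN2 uses the 10.50.100.0/24 range mentioned in the thread.

```python
import ipaddress

# Constructed values: documentation ranges stand in for the WAN subnet and
# for a public web server. They are not addresses from the thread.
ALIASES = {
    "any": "0.0.0.0/0",
    "LAN2 net": "10.50.100.0/24",
    "WAN net": "203.0.113.0/24",
    "WAN address": "203.0.113.10/32",
}


def _matches(alias, addr):
    """True if addr falls inside the network the alias stands for."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(ALIASES[alias])


def evaluate(rules, in_iface, src, dst):
    """First matching rule on the interface the packet ENTERS wins; no match blocks."""
    for rule in rules.get(in_iface, []):
        if _matches(rule["src"], src) and _matches(rule["dst"], dst):
            return rule["action"]
    return "block"  # implicit default deny


SERVER = "10.50.100.10"     # hypothetical server behind lagg0 / LAN2
WEB_SITE = "198.51.100.80"  # hypothetical public web server

# One reading of "allow ... to WAN": destination restricted to the WAN subnet.
RULES_DST_WAN = {"LAN2": [{"action": "pass", "src": "LAN2 net", "dst": "WAN net"}]}
# Rule suggested in the reply: source LAN2 net, destination any.
RULES_DST_ANY = {"LAN2": [{"action": "pass", "src": "LAN2 net", "dst": "any"}]}
# The same pass rule defined on the WAN tab instead of the LAN2 tab.
RULES_ON_WAN_TAB = {"WAN": [{"action": "pass", "src": "LAN2 net", "dst": "any"}]}

if __name__ == "__main__":
    for name, rules in [("dst=WAN net", RULES_DST_WAN),
                        ("dst=any", RULES_DST_ANY),
                        ("rule on WAN tab", RULES_ON_WAN_TAB)]:
        print(f"{name:16} -> {evaluate(rules, 'LAN2', SERVER, WEB_SITE)}")
```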
-
Actually…
I copied the default LAN1 rule to LAN2
-
Ah, maybe I've misunderstood. The problem is the machine at the end of the LAGG cannot access the internet yes?
Is there anything appearing in the firewall log when you try to connect out from the server on LAN2? There shouldn't be if you have the firewall rule correct. You could try enabling logging on the LAN2 rule to check if it is working correctly.
If not that I'd have to suspect a routing problem related to LAGG.
Steve
-
Thanks for the quick reply Steve…
On the Server I'm running HP Network Configuration Utility that allows the network adapter to be teamed and run LACP
I'm very tempted to dissolve the teaming and check if it will run without it and if it does then at least I tracked down my problem