No Internet access to LAN2
-
Gotcha…
Also I'm looking to move to private IP Adress rather than public.
Also wondering if IPv6 tunnel can allow me to watch Hulu or similar services that are restricted since the tunels are into the US -
OK…
Changed the Static IP to 10.50.100.X/24 now i can ping the address, but still no internet access.Rule is set on LAN2 to allow all incoming and outgoing to any.
Also added the IP to the route table to route to the WANHowever...
i can still ping it, but have to check in depth and see if there's anything i missed -
Hey guys…
still not working !!!
I need this taken care of ASAP -
Changed the Static IP to 10.50.100.X/24 now i can ping the address, but still no internet access.
Which static IP address. Ping from where? to where?
"Still no internet access" means what: An attempt to access the server from the internet reports "no route to host"? "timeout"? "unknown host"? or stalls with nothing showing after (say) 5 minutes? Or do you mean an attempt to access a public internet site from the server on LAN2 fails reporting "unknown host"? "no route to host"? "timeout"?
If you need this resolved ASAP then you should help readers of this thread help you by providing details of what you are attempting and what is reported. The more we, the readers, have to guess the details the more likely it is we will make incorrect guesses which will delay coming to the solution. Example detailed report: On the server whose IP address is x.x.x.x and connected to pfSense LAN2 interface whose IP address is y.y.y.y a ping to the pfSense LAN2 interface IP address gets a ping response but on an attempt by a browser to access web site … the browser reports ...
-
A diagram and some screen shots of your firewall rules, port forwards and lagg setup would probably help a lot.
Steve
-
I will do that latter on tonight when i get home…
I been away for work and need to get the website up and running ASAP so it can generate some revenue -
Hey guys…
Back at it again...
Was out of the country due to death in the family and now I'm back!!!Today i did the following:
- Changed IP address on both the server and my PF box
- Able to ping server from PF box as seen below from the ping stat
PING 192.168.x.x from 68.150.x.x: 56 data bytes
64 bytes from 192.168.x.x: icmp_seq=0 ttl=64 time=0.131 ms
64 bytes from 192.168.x.x: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 192.168.x.x: icmp_seq=2 ttl=64 time=0.051 ms
--- 192.168.x.x ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.051/0.080/0.131/0.036 msServer still not visible on LAN 1 nor has WAN access...
No NAT rules or Bridges have been setup -
Sorry about that. :(
Reading back through this thread it looks like we never resolved what the firewall rule you put in place is.
Please post a screen shot (or copy and paste) of your LAN2 firewall rules.Also just to confirm you have LAN2 assigned to lagg0?
Steve
-
Rules for LAN1 are the same for LAN2…
Allow all and any traffic from WAN to LAN2 and From LAN1 to LAN2 and vice versa -
Rules for LAN1 are the same for LAN2…
Allow all and any traffic from WAN to LAN2 and From LAN1 to LAN2 and vice versaThese two statements do not agree unless you have changed the default LAN rule dramatically!
The rule I expect to see on LAN2 would be:
Protocol: any
Source: LAN2 net, port any
Destination: any, port any
Gateway anyThe firewall rules on an interface apply to traffic entering that interface. Therefore you need to allow traffic entering the LAN2 interface from the other end of the LAGG.
Steve
-
Actually…
i copied it the Default LAN1 Rule to LAN2 -
Ah, maybe I've misunderstood. The problem is the machine at the end of the LAGG cannot access the internet yes?
Is there anything appearing in the firewall log when you try to connect out from the server on LAN2? There shouldn't be if you have the firewall rule correct. You could try enabling logging on the LAN2 rule to check if it is working correctly.If not that I'd have to suspect a routing problem related to LAGG.
Steve
-
Thanks for the quick reply Steve…
On the Server I'm running HP Network Configuration Utility that allows the network adapter to be teamed and run LACP
I'm very tempted to dissolve the teaming and check if it will run without it and if it does then at least i tracked down my problem
-
That's a good plan.
One step at a time when things start to go wrong.Steve
-
OK…
Dissolved network card teaming, set Static IP on 1 adapter and DHCP on the other...
Did the same on my PFBox and set up the default rules on both ports
Tried one adapter at a time with no successI guess it wasn't the LAGG or LACP setup
-
Hmm, interesting.
Did you assign each adapter in turn as LAN2 or both as 2 and 3?
Reassigning adapters and ip type can sometimes result in a stale state table, with rules still in place from a previos config waiting to timeout. This can cause misleading results. You can clear the state table or reboot after a major config change to ensure everything has filtered down.Steve
-
EM0 was named SERVER and EM1 was named WIRELESS
After all the changes i restarted the firewall -
Time to get fundamental. ;)
Are you sure these NICs are working? Cables OK?
Is your box receiving DHCP inormation? Is it the correct information?Something that can catch people out (including me) is that when you create a new interface and specify it's type as static it defaults to a /32 netmask which results in no route. That is usually shown up when you try to add a dhcp server but not if you're using all static IPs.
Steve
-
All the subnet masks are /24 ( 255.255.255.0)
Cables are new out of the bag and tested them with my cable tester- Pass on all - CAT6
Box is working properly and sending and receiving DHCP info.
Tested add on card by moving my WAN port to both EM0 and EM1 with success -
And nothing in the logs? ???
Steve
