Help: LAN communication not fully working.
-
Do you have the pfSense side of the Asus router connected to the WAN port or one of the switch ports? In addition, are the machines behind the Asus router on the same subnet as the Ubuntu server?
Switch ports.
Just to be sure it wasn't the Asus, I just replaced the Asus with a cheap switch.
Desktop can still ssh to Ubuntu. Ubuntu can't ssh to desktop.
-
A little more information.
From the desktop (hackintosh):
en0: flags=8863<up,broadcast,smart,running,simplex,multicast> mtu 1500
options=2b<rxcsum,txcsum,vlan_hwtagging,tso4>
ether bc:5f:f4:7b:0b:c5
inet6 fe80::be5f:f4ff:fe7b:bc5%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.69 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (1000baseT <full-duplex,flow-control,energy-efficient-ethernet>)
status: active
and from desktop to ubuntu server
traceroute 192.168.1.71
traceroute to 192.168.1.71 (192.168.1.71), 64 hops max, 52 byte packets
1 192.168.1.71 (192.168.1.71) 0.464 ms 0.396 ms 0.375 ms
from ubuntu server to desktop
traceroute 192.168.1.69
traceroute to 192.168.1.69 (192.168.1.69), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
-
Which interface is your Asus side connected to, and which is your server side connected to? Do you have identical firewall rules on both?
-
WAN is on Opt1
Ubuntu is on Opt3
Asus (now just a switch) is on Opt4
Opt7 is a bridge of all of the LAN ports.
I did the firewall rule on the bridged Opt7 after following a pfSense guide.
Does that not work?
-
To be honest, I haven't used bridged interfaces because my L3 switches do all the work for me, so I'm not sure how that works. Could you try plugging your hackintosh directly into Opt4 and testing the same thing? I have this suspicion that the Asus is the root of your problems, and not pfSense.
-
I hear you.
But, as I stated above, I've already removed the Asus from the equation completely.
-
Ah, I missed that part. My apologies.
To my logic, it seems that in this mode pfSense is essentially acting as a switch with ACLs. This would mean that your default rule on each interface is likely still an implicit deny. Could you try setting "allow all" rules for all protocols on Opt3 and Opt4?
Also, why do you say that Opt7 is your bridge interface? BRIDGE0 is your bridge interface - each interface within that bridge, as far as I can see, gets its own separate rules.
Scratch that, I was having issues with testing this and finally got the bridge0 interface to show up.
-
A pic of my "interfaces".
I just added the rules that you recommended.
Same result.
-
This is an interesting problem, give me a bit to recreate your scenario.
-
Thanks!
In the meantime, I'm going to try to swap out some things and dig in more. I'll report if I find anything of interest.
-
"ubuntu can't ssh to desktop."
Try this. Plug Ubuntu and desktop into the same switch. If SSH still doesn't work, it's not a pfSense problem.
-
Connecting the Ubuntu server and desktop to the same switch, and the switch to 1 port on the pfSense box worked.
Here are some other things that I've done in the meantime.
-Backed up pfSense
-Updated pfSense from 2.0.5 to 2.1
-Reset pfSense back to factory (only have WAN and LAN ports on, ATM) and tried the above suggestion.
-
To be honest, I can't even get bridged interfaces working correctly in my VM test box. I am probably missing something obvious, but it is definitely not straightforward.
-
Thanks for trying though. Yeah, bridged took me forever to get set up. Which probably means I did something wrong :)