Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Getting packet loss on multi-LAN config

    Routing and Multi WAN
    2
    4
    1.5k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mfil67
      last edited by

      Hello,

      I'm a fresh-new-just-registered user who's trying to fall in love with pfSense  ;D

      I'm trying to set up my office network with pfSense to replace the draytek appliance which is causing so much headache. The first results with pfSense are quite depressing though  :( :-\

      The internal network is separated into 3 different subnets, physically connected to 3 gigabit switches and to a physical ESXi server which is hosting, among the other servers, the pfSense vmware appliance. The ESXi server is physically connected to all the 3 switches and to 2 WAN.

      LAN1: 192.168.10.0/24
      LAN2: 192.168.20.0/24
      LAN3: 192.168.30.0/24

      The situation is the following:

      This is the routing table:

      This is the interfaces group:

      These are the firewall rules:

      The problem arises here though.

      If I try to ping any IP on another subnet, let's say trying to ping 192.168.30.3 (on LAN3) from the LAN1, here it is what happens:

      BUT if I try to ping from the LAN3 the same IP, the connection is succesful:

      It's so basic configuration, yet it doesn't work :( What I'm doing wrong? :(

      Please is there anybody who could shed some light on this for me?

      Many thanks in advance!

      Kind regards

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        I don't have an interface group, but I just checked the same sort of thing, and yes, a ping sourced from LAN1address to a client on LANn works fine on 2.1.1-RELEASE.
        Do you have any block rules on LAN1 that might be getting in the way before the Interface Group rules?
        (now I have forgotten which order those rules get applied - better check the pfSense book or the code :)
        Is the client 192.168.30.3 a Windows system that might be answering to its local subnet, but not to LAN1 (because of a client firewall restriction, or it does not have a default gateway set)?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • M
          mfil67
          last edited by

          A worrying doubt just raised….

          I'm planning to do the full replacement during the weekend to not impact too much the office network, so I'm still using the Draytek gateway AND I'm setting up the pfSense configuration. So the gateway on the PC I'm trying to ping is still the Draytek one, not pfSense.

          That might be the issue?

          1 Reply Last reply Reply Quote 0
          • M
            mfil67
            last edited by

            Shame on me, THAT was the issue  :-X

            the gateway on the destination IP was yet the Draytek one, thus the ICMP packet was being lost during the path.

            You just made my day! Many thanks Phil!!  :D

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.