New firewall not routing traffic
-
I've attached a screenshot of the output from a netstat -rn. This is the same as my default gateway, which is the pfSense WAN interface, so I assume I don't need any static routes?
-
I can also ping the 192.168.52.78 address but not the LAN side of the pfSense 192.168.1.78.
-
I'm a bit confused at your routing table. Do you have an interface on both subnets? In any case, your next hop for the 192.168.1.0 subnet is 192.168.1.91, which is not your stated LAN or WAN interface address. I'd try adding a static route for 192.168.1.16 and 192.168.1.78 to 192.168.52.78. You have a really strange routing table there, and that is going to cause some complication. I'd lab this out on a completely different set of subnets first, personally.
-
The routing table is okay, but your overall setup is very strange as said already.
The computer (192.168.52.95) from which the screenshot is taken is attached to your WAN interface of pfSense and you have configured the WAN IP (192.168.1.78) as gateway for its interface.
And your LAN net is 192.168.1.78 /24. Okay, so WAN and LAN are different networks and you cannot ping a LAN computer from WAN side unless you set appropriate NAT rules. You have to set up NAT port forwarding rules and firewall rules for that. You can forward ICMP to a LAN computer or to LAN address.
Then the ping should work; however, the ping destination you have to enter is still a WAN address.
-
That's incorrect; his configuration will work without any NAT whatsoever. The routing table is not correct: anything destined for 192.168.1.16 from the 192.168.52.0/24 network needs to have 192.168.52.78 as its next hop - not 192.168.1.91 as is reflected in that routing table.
-
Thanks for all the input, guys. I've added a static route; does this look better? It still doesn't work :(
===========================================================================
Interface List
13 ...02 bf c0 a8 01 5d ...... Intel(R) PRO/1000 MT Network Connection #2
10 ...00 50 56 83 5f 58 ...... Intel(R) PRO/1000 MT Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.nor.norlandtech.com
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{6832356F-FDB4-45A8-8ED9-4AF0F07FE655}
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.52.78 192.168.52.95 258
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.52.78 192.168.52.95 3
192.168.1.91 255.255.255.255 On-link 192.168.1.91 257
192.168.1.93 255.255.255.255 On-link 192.168.1.91 257
192.168.52.0 255.255.255.0 On-link 192.168.52.95 258
192.168.52.95 255.255.255.255 On-link 192.168.52.95 258
192.168.52.255 255.255.255.255 On-link 192.168.52.95 258
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.91 257
224.0.0.0 240.0.0.0 On-link 192.168.52.95 258
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.91 257
255.255.255.255 255.255.255.255 On-link 192.168.52.95 258
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.52.78 Default
192.168.1.0 255.255.255.0 192.168.52.78 1
IPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
Persistent Routes:
None
-
I'm just trying to troubleshoot this problem. Using the web GUI of the firewall, should I be able to ping from the WAN to 192.168.1.16? The firewall rules are there to allow this, but no routing is set up on the firewall.
-
If you have a 192.168.1.78 address set up, yes, you should be able to ping 192.168.1.16 from the firewall's WAN interface. Shouldn't need any static routes on the firewall.
I've replicated your exact address configuration (aside from your routing table weirdness), and it works right out of the box. Are you able to ping 192.168.52.95 from 192.168.1.16?
-
Hmm, that is very strange.
I am unable to ping 192.168.52.95 from 192.168.1.16, but would I need a route added to this machine for it to work?
The 192.168.1.78 is the IP of the LAN interface on the firewall, and I cannot ping this from the WAN via the firewall GUI.
-
Post the routing table of your LAN device, and post your current LAN and WAN firewall rules.
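-
Added example (not written by any poster in this thread): a route lookup over the active IPv4 routes posted above, showing which next hop and source interface the 192.168.52.95 host selects for the addresses under discussion. It assumes standard longest-prefix matching with the lower metric breaking ties; the function names are hypothetical.

```python
import ipaddress

# Active IPv4 routes copied from the `route print` output posted in the thread
# (loopback, multicast and broadcast rows omitted).
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 192.168.52.78 192.168.52.95 258
192.168.1.0 255.255.255.0 192.168.52.78 192.168.52.95 3
192.168.1.91 255.255.255.255 On-link 192.168.1.91 257
192.168.1.93 255.255.255.255 On-link 192.168.1.91 257
192.168.52.0 255.255.255.0 On-link 192.168.52.95 258
192.168.52.95 255.255.255.255 On-link 192.168.52.95 258
192.168.52.255 255.255.255.255 On-link 192.168.52.95 258
"""

def parse_routes(text):
    """Turn 'dest mask gateway interface metric' rows into route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed rows
        dest, mask, gateway, iface, metric = fields
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}"),
            "gateway": None if gateway == "On-link" else gateway,
            "iface": iface,
            "metric": int(metric),
        })
    return routes

def lookup(routes, dst):
    """Longest-prefix match; the lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def describe(routes, dst):
    """One-line summary of the route chosen for dst."""
    r = lookup(routes, dst)
    if r is None:
        return f"{dst}: no route"
    hop = r["gateway"] or "on-link"
    return f"{dst}: via {hop} out {r['iface']} (matched {r['net']}, metric {r['metric']})"

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for target in ("192.168.1.16", "192.168.1.78", "192.168.1.91", "192.168.52.78"):
        print(describe(table, target))
```

With the static route in place, 192.168.1.16 and 192.168.1.78 both resolve to next hop 192.168.52.78 with source interface 192.168.52.95, so the LAN host needs a return path to 192.168.52.0/24 through the firewall for replies to arrive.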