Can't Ping LAN…
-
Hi All.
I'm having a seemingly interesting problem.
I have recently built a pfSense VPS under KVM, with virtIO drivers installed. It is not at my physical location.
I can't seem to ping the LAN interface from other machines on the network.
LAN is a private virtual network. (vtnet1)
I have two other servers on this same network that can ping themselves and each other, but not pfSense.
pfSense cannot ping them. pfSense can ping itself (LAN).
Communication through the WAN interface (vtnet0) works fine, as does ping. I have a firewall rule set up to allow me to administer over the WAN.
Can anyone assist, please? I'm not hugely experienced with FreeBSD or any of this, I'm a bit of a n00b.
Thanks,
edooze.
-
What rules are on LAN?
Are you sure that the (virtual) servers are really in the (virtual) LAN of the (virtual) pfSense?
Maybe the servers are on some other virtual part of the setup and are getting out to the internet… but not through the pfSense you think they are?
-
The current rules on LAN are only the default allow LAN to any and allow LAN ipv6 to any.
My apologies, pfSense is not currently set up as a gateway because, well, it doesn't work. Each server can reach the internet through their own direct connection (eth0 NIC), and the other two can also reach each other via the private network (eth1 NIC). If this makes sense.
pfSense has a LAN interface configured to the same IP subnet (vtnet1), but nobody can see it.
The only assurance I have that the virtual LAN is configured to the virtual server is that it works with two other machines already. And if I spin up another, it works with that, too.
It would seem pfSense is having an issue, but this is the first one I've run into, as my current build works fine (local machine, not virtual).
Any ideas?
TIA.
-
You could run a ping from the server/s to pfSense LAN IP and do a packet capture on pfSense, looking for packets with the pfSense LAN IP. That will tell you if anything is arriving at pfSense at all.
Also look at the ARP cache on the servers, have they even been able to get a successful ARP to find the MAC address of the pfSense LAN interface, i.e. is there an ARP entry on the server/s with pfSense LAN IP to MAC address?
Those things will give a clue if the server/s and pfSense LAN interface are actually on the same virtual LAN inside the virtual setup.
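The ARP-cache and packet-capture check suggested in the reply above, as an added example that is not part of the original post. It assumes Linux servers whose neighbour table is read with `ip neigh show`; the addresses, MACs, function names and the wording of the suggested next steps are constructed for illustration.

```shell
#!/bin/sh
# Added example. Addresses and MACs below are constructed sample data.
# On a Linux server the input would come from:   ip neigh show dev eth1
# On pfSense the capture would be, for example:  tcpdump -ni vtnet1 arp or icmp

# Classify the neighbour entry for IP $1 from `ip neigh show` text on stdin.
# Prints "resolved", "unresolved" (INCOMPLETE/FAILED, no MAC learned) or "absent".
classify_neigh() {
    awk -v ip="$1" '
        $1 == ip {
            found = 1; mac = ""
            for (i = 2; i < NF; i++) if ($i == "lladdr") mac = $(i + 1)
            if (mac == "" || $NF == "INCOMPLETE" || $NF == "FAILED") print "unresolved"
            else print "resolved"
            exit
        }
        END { if (!found) print "absent" }'
}

# Combine the ARP result ($1) with the number of packets the pfSense
# capture saw for its LAN IP ($2) into a next step (assumed interpretation).
diagnose() {
    case "$1" in
        resolved) echo "l2-ok: check LAN firewall rules" ; return ;;
    esac
    if [ "$2" -eq 0 ]; then
        echo "l2-isolated: hosts are not on the same virtual segment"
    else
        echo "requests-arrive: check pfSense LAN interface and IP assignment"
    fi
}

# Constructed sample: 10.0.0.1 stands in for the pfSense LAN IP.
sample_neigh() {
    cat <<'EOF'
10.0.0.12 dev eth1 lladdr 52:54:00:aa:bb:12 REACHABLE
10.0.0.1 dev eth1  INCOMPLETE
10.0.0.13 dev eth1 lladdr 52:54:00:aa:bb:13 STALE
EOF
}

state=$(sample_neigh | classify_neigh 10.0.0.1)
echo "pfSense LAN entry: $state"
diagnose "$state" 0
```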
-
Ok, so I've run a packet capture and got nothing despite pinging the LAN IP.
Checking the ARP cache shows an incomplete entry, suggesting it's not getting any response.
Is there any config of pfSense that I could have messed up? Despite this being a vanilla install (except for virtIO drivers and the WAN administration rule) I just want to be sure.
Thanks for your help here.
-
It does point to an issue with the virtual LAN setup that the systems are sitting on.
I suggest you post some detail of what is connected to where in your virtual machine setup, and perhaps someone who is more familiar with the VM environment you are using will spot the problem.
Others feel free to jump in at this point…
-
I went back to the provider with the information we had obtained through this test, and they 'have identified an issue with the host node' my VPSs are on.
Thank you for your help, at least I could go to them with some idea of what I was talking about.
Per your signature, I'll be buying some Nepalese children a Christmas party.
Thanks again.