Cannot ping another subnet? (SOLVED)

jahonix

you mean 10.10.2.255?

nope.

10.10.2.86/21 also means:

| Network address: | 10.10.0.0 |
| Host-IPs from: | 10.10.0.1 |
| Host-IPs to: | 10.10.7.254 |
| Broadcast address: | 10.10.7.255 |
| |
| # of hosts: | 2046 |

@killmasta93:

… how come its possible with iptables they can ...

In a broken setup like yours everything's possible. It's unpredictable.
That is why Derelict tells you like a mantra: get your network fixed first.
I have veneration for him doing so over-and-over again.

jahonix

ah, NOW I see your problem: the PC is missing, that's why you can't ping to/from it! ;D ;D ;D ;D ;D

![Bildschirmfoto 2016-02-20 um 16.26.54.png](/public/imported_attachments/1/Bildschirmfoto 2016-02-20 um 16.26.54.png)
![Bildschirmfoto 2016-02-20 um 16.26.54.png_thumb](/public/imported_attachments/1/Bildschirmfoto 2016-02-20 um 16.26.54.png_thumb)

Derelict

@killmasta93:

You have a host with an interface configuration of 10.10.2.86/21. Its broadcast address is 10.10.7.255.

you mean 10.10.2.255?

No, I mean 10.10.7.255. That is the IP broadcast address for a host configured with 10.10.2.86/21. Don't believe me, how about my handy calculator?

And it doesn't matter. 10.10.1.255 != 10.10.2.255 either.

Quick question how come its possible with iptables they can ping each other by adding the rules.

Don't know don't care. That design is broken. I don't hassle making broken configs "work". I fix them.

![Screen Shot 2016-02-20 at 8.47.23 AM.png](/public/imported_attachments/1/Screen Shot 2016-02-20 at 8.47.23 AM.png)
![Screen Shot 2016-02-20 at 8.47.23 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-02-20 at 8.47.23 AM.png_thumb)

killmasta93

thanks for the replies,
alright so let me start from scratch

So all the servers will be on the 10.10.1.0/24

pfSense will have an Ip of 10.10.1.218 the gateway

with LAN 10.10.1.218/24

Then the windows server 2012r2 which has an ip of 10.10.1.200
gives out the DHCP of 10.10.2.0/24

So would i need to reconfigure my DHCP scope?

So i setup a separate test environment

internet–----pfSense-------switch-----computer static ip 10.10.2.86/24

I see the arp but when i try to ping nothing :(
Thank you

Clipboarder.2016.02.21-007.png

Clipboarder.2016.02.21-008.png

Derelict

Dude.

Then the windows server 2012r2 which has an ip of 10.10.1.200 gives out the DHCP of 10.10.2.0/24

10.10.1.0/24 and 10.10.2.0/24 need to be different network segments. THEY CANNOT SHARE THE SAME WIRE (aka broadcast domain) if you want the network to behave in a sane fashion.

killmasta93

Dude.

Im so sorry im not sure why im so confused if its this week..

Alright i got that it has to be a different segment which he has it right now as 10.10.2.86 with subnet of 255.255.248.0

So not sure what I need to change or am i overthinking it?

Thank you and sorry for being so retarded :(

Derelict

Two different segments - two different pfSense interfaces (physical or VLAN). with routing between 10.10.1.0/24 and 10.10.2.0/24.

Like I said that network needs a complete redesign.

killmasta93

WELLL i feel like an idiot….all i had to do is change pfSense LAN to /21 .....i dont know why i complicated myself something so simple..

Thanks again

Derelict

SMH

killmasta93

its those days that nothing works out…But now that i told my friend to change the whole network hes going back to 192.168.1.1/24 and putting VLANS so the network does not get congested

Thanks again

Derelict

If you're going to renumber and redesign, take the opportunity to get off 10/8 and 192.168.0.0 and 192.168.1.0/24.

For VPN purposes, it's better to be on networks that do not conflict with a billion or so other networks worldwide.

A couple random choices:

172.28.95.0
192.168.213.0

killmasta93

Good idea Will take your advice :)