Netgate Discussion Forum
    Routing Between LANs

    Routing and Multi WAN
    • firebert

      I have 3 subnets configured on my pfSense box, all on their own VLAN, trunked (dot1q) to a Cisco 2950. 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24. I am having issues routing between them. All subnets have internet access, and all subnets can access the pfSense web config. The issue is when I attempt to ping (I have also tried SSH, telnet and HTTP) between networks. I have tried this with the firewall disabled in the advanced settings, still with no luck.

      I am pinging from 192.168.2.101 to the Cisco switch at 192.168.1.10. I have placed the Cisco switch in ip debug icmp mode to show the pings. The Cisco switch properly replies to the pings, so packets are being routed from the .2 to the .1 network, but they are not ever making it back to the other network. I have also tried this in reverse to no avail.

      I have checked the routing tables in pfSense, and it properly shows routes to all networks with U (usable) flags. I have even done a packet capture on the interfaces. I can see the echo requests (.2 to .1) but no echo replies (.1 back to .2). I can tell on the switch that the replies are being sent!

      I am at my wit's end trying to get this to work! I've tried to include as much info as I can, but I'll be happy to post any more info if needed.

      Pinging PC (Windows 7/Firewall Disabled)

      Pinging 192.168.1.10 with 32 bytes of data:
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      
      Ping statistics for 192.168.1.10:
          Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
      

      Cisco 2950

      6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
      6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
      6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
      6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
      
      

      pfSense packet capture on the 192.168.1.1 interface

      20:54:34.274163 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 131, length 40
      20:54:39.209421 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 132, length 40
      20:54:44.209114 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 133, length 40
      20:54:49.209034 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 134, length 40
      

      pfSense Routing Table

      
      192.168.1.0/24 	link#3 	U 	0 	2627121 	1500 	re0 	 
      192.168.1.1 	link#3 	UHS 	0 	0 	16384 	lo0 	 
      192.168.2.0/24 	link#9 	U 	0 	60258 	1500 	re0_vlan2 	 
      192.168.2.1 	link#9 	UHS 	0 	0 	16384 	lo0 	 
      192.168.3.0/24 	link#10 	U 	0 	0 	1500 	re0_vlan3 	 
      192.168.3.1 	link#10 	UHS 	0 	0 	16384 	lo0 	 
      
      • phil.davis

        What does the Cisco switch think is its gateway? Maybe it is sending the echo replies to somewhere else, other than the pfSense LAN address?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • firebert

          Phil, you nailed it. I was thinking it was something that simple, just didn't think of it for some reason. Thanks a ton! Everything works great now.

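The diagnosis reached in this thread, as an added example that is not part of the original posts: it pairs echo requests with replies in tcpdump output of the format shown above, then works out which next hop the replying host would use for its off-subnet reply. The function names are hypothetical, and 192.168.1.254 is a constructed wrong gateway, since the thread does not say what the switch's gateway actually was.

```python
import ipaddress
import re

# tcpdump ICMP lines in the format of the pfSense capture above.
ICMP_LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

def unanswered_requests(lines):
    """Return (src, dst, id, seq) for every echo request with no reply in the capture."""
    requests, replies = [], set()
    for line in lines:
        m = ICMP_LINE.search(line)
        if not m:
            continue
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            requests.append((m["src"], m["dst"], ident, seq))
        else:  # a reply travels dst -> src, so key it like the request it answers
            replies.add((m["dst"], m["src"], ident, seq))
    return [r for r in requests if r not in replies]

def reply_next_hop(host_cidr, default_gateway, reply_dst):
    """Next hop the replying host uses: the peer itself if on-link, else its gateway."""
    network = ipaddress.ip_interface(host_cidr).network
    if ipaddress.ip_address(reply_dst) in network:
        return reply_dst
    return default_gateway  # None models "no gateway configured"

def diagnose(lines, host_cidr, default_gateway, router_ip):
    """Return (seq, next_hop) for one-way pings whose replies would bypass the router."""
    findings = []
    for src, _dst, _ident, seq in unanswered_requests(lines):
        hop = reply_next_hop(host_cidr, default_gateway, src)
        if hop not in (src, router_ip):
            findings.append((seq, hop))
    return findings

# Both lines are copied from the capture in the post.
CAPTURE = [
    "20:54:34.274163 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 131, length 40",
    "20:54:39.209421 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 132, length 40",
]

if __name__ == "__main__":
    # 192.168.1.254 is a constructed wrong gateway; the thread does not give the real one.
    print(diagnose(CAPTURE, "192.168.1.10/24", "192.168.1.254", "192.168.1.1"))
    print(diagnose(CAPTURE, "192.168.1.10/24", "192.168.1.1", "192.168.1.1"))
```

An empty result with requests still unanswered means the replying host's gateway is not the cause and the return path has to be checked elsewhere.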