Can ping other machines on subnet, but not the gateway
-
Have you tried the universal fix, rebooting it?
What about local client firewalls? Some OSes will automagically block traffic from outside the local subnet. You said it was working before the weekend. Did you apply any OS patches? Did anything change between when it was last working and now? Anything weird in the System log?
-
Nothing changed. No patches applied. This is all being set up from scratch. New firewalls, new Supermicro servers. I was able to mount a virtual disk hosted on an SMB share on 192.168.100.20 onto a Supermicro using IPMI on Friday. I did this from two physical Supermicro servers on the OPT3 subnet. On each, I installed Debian Stretch and KVM. From Debian, I cannot ping the gateway from either box, and I can no longer mount that SMB share in IPMI. I see nothing strange in the logs.
-
Any other network equipment in between anything? I'm starting to run out of ideas. If you know Wireshark, you could try packet-capturing from each end and see what's going on. That might help isolate the problem.
If you're desperate, you could try backing up your configurations, reinstalling from scratch and then restoring and see if it just fixes itself. Normally I wouldn't suggest random actions like that with hopes & prayers, but like you said it used to work.
-
What other rules are on those interfaces? Please provide a complete picture instead of cropping everything out.
It makes no sense to have rules sourcing from LAN network on the RSS_NET interface. That will never happen.
Please also provide captures of the interfaces in question from Status > Interfaces.
Any IPsec? Any policy routing?
-
> What other rules are on those interfaces? Please provide a complete picture instead of cropping everything out.
> It makes no sense to have rules sourcing from LAN network on the RSS_NET interface. That will never happen.
> Please also provide captures of the interfaces in question from Status > Interfaces.
> Any IPsec? Any policy routing?

The only rules on the LAN subnet are the default anti-lockout rule and the default any protocol on LAN to any. On the RSS_LAN subnet, the only rule is any protocol on RSS_LAN to any (changed since yesterday).
Yes, there are IPSec VPN tunnels, but I'm not sure why you're asking. Absolutely no policy routing in place.
![Screen Shot 2017-11-07 at 11.04.15 AM.png](/public/imported_attachments/1/Screen Shot 2017-11-07 at 11.04.15 AM.png)
![Screen Shot 2017-11-07 at 11.04.24 AM.png](/public/imported_attachments/1/Screen Shot 2017-11-07 at 11.04.24 AM.png)
![Screen Shot 2017-11-07 at 11.07.47 AM.png](/public/imported_attachments/1/Screen Shot 2017-11-07 at 11.07.47 AM.png)
-
It seems I found the issue. I had a misconfiguration in IPSec, which was apparently affecting the routing. I fixed that, and all seems well. Thanks to Derelict for mentioning IPSec…I probably wouldn't have looked.
-
> I had a misconfiguration in IPSec

This misconfiguration had been there all along and just decided to act up now? Or was this something you manually did between when it was last working and now?
-
I'm pretty sure that misconfiguration happened over the weekend when I was trying to work on it from home. My IPSec tunnel was connected to LAN, but I needed a Phase 2 to the RSS_LAN…I just set it up ass backwards and that screwed me. I guess that's what I get for trying to work at home when my wife and kids are present.
-
I did specifically ask you if you changed anything between when it was working and when it stopped…
-
Yes, and I failed to remember that I had messed with the VPN tunnel from home. I thought I had added the Phase 2 earlier in the week when I was installing the servers at the datacenter.
-
OK I'm done breaking your balls ;D
Glad it's working.
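
The root cause reported in this thread was a Phase 2 entry set up backwards. The following is an added example, not from the thread or from pfSense: a small audit that flags Phase 2 traffic selectors whose remote network overlaps a subnet attached to the firewall itself, assuming that is what "backwards" meant here. The interface names come from the thread; every address and entry name is constructed.

```python
import ipaddress

# Constructed sample data; none of these addresses come from the thread.
ATTACHED = {"LAN": "10.10.0.0/24", "RSS_LAN": "10.30.0.0/24"}
PHASE2 = [
    {"name": "home-to-LAN", "local": "10.10.0.0/24", "remote": "10.99.0.0/24"},
    # Local and remote swapped, as in the misconfiguration described above.
    {"name": "home-to-RSS_LAN", "local": "10.99.0.0/24", "remote": "10.30.0.0/24"},
]


def audit_phase2(attached, phase2_entries):
    """Return (entry, finding, interface) tuples for suspicious selectors.

    attached: {interface name: CIDR} of directly connected subnets.
    phase2_entries: dicts with 'name', 'local' and 'remote' CIDR strings.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in attached.items()}
    findings = []
    for p2 in phase2_entries:
        local = ipaddress.ip_network(p2["local"])
        remote = ipaddress.ip_network(p2["remote"])
        # A remote selector covering an attached subnet means traffic for
        # that subnet can match the tunnel policy instead of staying local.
        for ifname, net in nets.items():
            if remote.overlaps(net):
                findings.append((p2["name"], "remote-overlaps-attached", ifname))
        # A local selector that matches no attached subnet is the other
        # half of a swapped pair.
        if not any(local.overlaps(net) for net in nets.values()):
            findings.append((p2["name"], "local-not-attached", None))
    return findings


if __name__ == "__main__":
    for entry, finding, ifname in audit_phase2(ATTACHED, PHASE2):
        print(f"{entry}: {finding}" + (f" ({ifname})" if ifname else ""))
```

Running the audit after every tunnel change gives the "did anything change?" question a mechanical answer.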