Routing working "randomly"
-
So, I have several VLANs.
When I try to ping from a VLAN7 machine to a VLAN101 machine it doesn't work, no ping response.
Pinging from pfSense to the VLAN101 machine works 100% of the time.
Pinging from the VLAN7 machine to a VLAN226 machine also works.
Firewall rules on all VLANs are the same (allow all, basically).
I can't get my head around this…
10.7.3.1 > 10.1.1.1: ICMP echo request, id 22, seq 24256, length 40
03:04:10.117129 80:c1:6e:20:ae:ce > e8:39:35:2c:77:a8, ethertype IPv4 (0x0800), length 483: (tos 0x0, ttl 128, id 30308, offset 0, flags [none], proto UDP (17), length 469)
no response
10.7.3.1 > 10.226.1.10: ICMP echo request, id 22, seq 24147, length 40
03:03:33.355102 e8:39:35:2c:77:a8 > 80:c1:6e:20:ae:ce, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 51718, offset 0, flags [none], proto ICMP (1), length 60)
10.226.1.10 > 10.7.3.1: ICMP echo reply, id 22, seq 24147, length 40
03:03:33.359265 80:c1:6e:20:ae:ce > e8:39:35:2c:77:a8, ethertype IPv4 (0x0800), length 824: (tos 0x0, ttl 128, id 30199, offset 0, flags [none], proto UDP (17), length 810)
works perfectly…
-
Well, maybe 10.1.1.1 doesn't answer ping.
So I assume all these VLANs are directly attached to pfSense, and all clients in these networks use pfSense as their gateway.
-
Yes they are, but, like I said, if I do the ping from pfSense, from either the Web or SSH interface, the ping is 100% OK.
[2.4.2-RELEASE][admin@]/root: ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.260 ms
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.183 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.186 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.184 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.188 ms
64 bytes from 10.1.1.1: icmp_seq=5 ttl=64 time=0.179 ms
^C
--- 10.1.1.1 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
-
If you do the ping from pfSense, the traffic is same-subnet.
If you do it from another VLAN the traffic is from a remote subnet.
Check the software/windows/symantec/etc firewall on the target node.
-
If you do the ping from pfSense, the traffic is same-subnet.
If you do it from another VLAN the traffic is from a remote subnet.
Check the software/windows/symantec/etc firewall on the target node.
How does that work?
The target does not have any firewall.
And now I'm having another issue with a port forward, which seems not to be working at all… this is weird...