Netgate Discussion Forum

    Routing working "randomly"

      Hsilamot

      So, I have several VLANs.

      When I try to ping from a VLAN7 machine to a VLAN101 machine it doesn't work, no ping response.

      Pinging from pfSense to the VLAN101 machine works 100% of the time.

      Pinging from the VLAN7 machine to a VLAN226 machine also works.

      Firewall rules on all VLANs are the same (Allow all basically).

      I can't get my head around this…

      10.7.3.1 > 10.1.1.1: ICMP echo request, id 22, seq 24256, length 40
      03:04:10.117129 80:c1:6e:20:ae:ce > e8:39:35:2c:77:a8, ethertype IPv4 (0x0800), length 483: (tos 0x0, ttl 128, id 30308, offset 0, flags [none], proto UDP (17), length 469)

      no response

      10.7.3.1 > 10.226.1.10: ICMP echo request, id 22, seq 24147, length 40
      03:03:33.355102 e8:39:35:2c:77:a8 > 80:c1:6e:20:ae:ce, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 51718, offset 0, flags [none], proto ICMP (1), length 60)
          10.226.1.10 > 10.7.3.1: ICMP echo reply, id 22, seq 24147, length 40
      03:03:33.359265 80:c1:6e:20:ae:ce > e8:39:35:2c:77:a8, ethertype IPv4 (0x0800), length 824: (tos 0x0, ttl 128, id 30199, offset 0, flags [none], proto UDP (17), length 810)

      works perfectly….

        johnpoz LAYER 8 Global Moderator

        Well, maybe 10.1.1.1 doesn't answer ping.

        So I assume all these vlans are directly attached to pfsense, and all clients in these networks use pfsense as their gateway.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

          Hsilamot

          Yes they are, but, like I said, if I do the ping from pfSense, from either the Web or SSH interface, the ping is 100% OK.

          [2.4.2-RELEASE][admin@]/root: ping 10.1.1.1
          PING 10.1.1.1 (10.1.1.1): 56 data bytes
          64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.260 ms
          64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.183 ms
          64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.186 ms
          64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.184 ms
          64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.188 ms
          64 bytes from 10.1.1.1: icmp_seq=5 ttl=64 time=0.179 ms
          ^C
          --- 10.1.1.1 ping statistics ---
          6 packets transmitted, 6 packets received, 0.0% packet loss

            Derelict LAYER 8 Netgate

            If you do the ping from pfSense, the traffic is same-subnet.

            If you do it from another VLAN the traffic is from a remote subnet.

            Check the software/windows/symantec/etc firewall on the target node.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
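
Added example, not part of the original posts: a Python sketch that pairs ICMP echo requests with replies in `tcpdump -v` style output like the capture in the first post, and marks each unanswered request whose source lies outside the target's subnet, which is the pattern a host firewall that only answers its local subnet produces. The sample capture, the 10.1.1.254 address standing in for pfSense, and the /24 prefix length are constructed assumptions.

```python
import ipaddress
import re

# ICMP detail line as printed by tcpdump -v under each packet header.
ICMP_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_requests(capture_text):
    """Return (src, dst, id, seq) for every echo request with no matching reply."""
    pending = {}  # dicts keep insertion order, so results follow capture order
    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)  # header lines and non-ICMP traffic give None
        if m and m["kind"] == "request":
            pending[(m["src"], m["dst"], m["id"], m["seq"])] = None
        elif m:
            # A reply swaps source and destination but keeps id and seq.
            pending.pop((m["dst"], m["src"], m["id"], m["seq"]), None)
    return list(pending)

def is_off_subnet(src, dst, prefix_len):
    """True when src is outside dst's network, so the target sees a routed source."""
    net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
    return ipaddress.ip_address(src) not in net

def report(capture_text, prefix_len=24):
    return [
        {"src": s, "dst": d, "seq": int(seq),
         "off_subnet": is_off_subnet(s, d, prefix_len)}
        for s, d, _id, seq in unanswered_requests(capture_text)
    ]

# Constructed sample in the capture format of the first post (/24 is assumed).
SAMPLE = """\
03:04:10.100000 IP (tos 0x0, ttl 127, proto ICMP (1), length 60)
    10.7.3.1 > 10.1.1.1: ICMP echo request, id 22, seq 24256, length 40
03:04:11.200000 IP (tos 0x0, ttl 127, proto ICMP (1), length 60)
    10.7.3.1 > 10.226.1.10: ICMP echo request, id 22, seq 24147, length 40
03:04:11.200400 IP (tos 0x0, ttl 63, proto ICMP (1), length 60)
    10.226.1.10 > 10.7.3.1: ICMP echo reply, id 22, seq 24147, length 40
03:04:12.300000 IP (tos 0x0, ttl 64, proto ICMP (1), length 84)
    10.1.1.254 > 10.1.1.1: ICMP echo request, id 5, seq 0, length 64
03:04:12.300260 IP (tos 0x0, ttl 64, proto ICMP (1), length 84)
    10.1.1.1 > 10.1.1.254: ICMP echo reply, id 5, seq 0, length 64
"""

if __name__ == "__main__":
    print(report(SAMPLE))
```

An unanswered request with `off_subnet` set, next to an answered same-subnet ping to the same target, points at filtering on the target host rather than at pfSense routing.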

              Hsilamot

              @Derelict:

              If you do the ping from pfSense, the traffic is same-subnet.

              If you do it from another VLAN the traffic is from a remote subnet.

              Check the software/windows/symantec/etc firewall on the target node.

              How does that work?

              The target does not have any firewall.

              And now I'm having another issue with a port forward, which seems not to be working at all… this is weird...

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.