LAN - WAN : Errors

gaudouy

Hello,

Hello, I am trying to set up Pfsense.
My server in the LAN zone can not access to Internet.

I try multiple ping with the different equipments. (router, laptop, server)
I have two erros :

Request timed out
TTL expired in transit

Here is a diagram of the infrastructure

An array of ping tests

What can I test more?

Thanks for advance :)

conor

@gaudouy
Are you routing or nating between the WAN and LAN on the pfSense?

gaudouy

Thanks for your reponse @conor

I'm doing routing.

I have two different networks 192.168.1.0 (WAN) and 192.168.2.0 (LAN). I did not set up a static route.
There is no rule in the firewal. Everything is allowed.

In the section Diagnostics / Routes why I see link# ?

It's the problem ?

In Pfsense, i have this conf :

config route.jpg

conor

Starting with the laptop...
If you are doing routing that means that SRV-1 ping will reach Laptop-1 with a source IP of 192.168.2.240, this is outside of Laptop-1 subnet so it will send the responce to 192.168.1.1. So if the router 192.168.1.1 doesn't have a route for the 192.168.2.0 network it will send the reply ping out of the network onto the web.

Assuming that the laptop firewall is off or allowing ICMP pings.

conor

@gaudouy said in LAN - WAN : Errors:

In the section Diagnostics / Routes why I see link# ?

That default route points to the interface rather than the upstream router, but that value doesn't tie in with the screen shot below it, thats weird.

gaudouy

@Conalduggan

On RT-1, the config is :

RT-1 have a route for 192.168.2.0/24.

conor

in regards to the "links" question:
https://www.freebsd.org/doc/en/books/handbook/network-routing.html

conor

@gaudouy said in LAN - WAN : Errors:

RT-1 have a route for 192.168.2.0/24.

I'd run a TCPdump on the WAN interface as you are pinging from SRV-1 to Laptop-1 and check the packets source and destination addresses. Also check for replies coming from the laptop.

gaudouy

Thanks, I will read the documentation

conor

are you checking 8.8.8.8 as the DNS?

Can you post a screen shot of: "System > General Setup" please

gaudouy

@conor Thanks, I will check it

conor

Also for gateways normally you would only have the WAN interface with an entry, i'd remove the LAN gateway, make sure on the LAN interface there is no gateway set

gaudouy

@conor
In System > General Setup , I have :

conor

@gaudouy

Ok remove the LAN side gateway then reboot and send on a screenshot of Diagnostics / Routes please

gaudouy

@conor
I have removed the LAN Gateway and ... Tadaaam !

PING SRV-1 to RT-1

ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

and SRV-1 to DNS :

ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
Reply from 8.8.8.8: bytes=32 time=13ms TTL=54

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms

Thank you very much for your help