Having LAN issues related to a new switch
-
I don't understand what you mean. All clients on the same network talk directly to each other. They only need to talk to pfSense if the traffic needs to be routed to a different network. Since your two clients are on the same LAN, they talk directly to each other via the switch. Their traffic is never even seen by the pfSense LAN interface at all.
-
Taken directly from the logs a few seconds ago.....
May 14 19:03:01 LAN LAN allow (1557864558) 192.168.0.103:53837 192.168.0.2:3406 TCP:S
As I said, traffic from LAN-Interface to any LAN-Device and vice-versa IS logged.
So, I should at least see the PC going to the Interface.....but for these connections I do not.
That's what's got me puzzled. So let's say I try to connect to 192.168.0.2 from 192.168.0.3.
I should see a log entry going at least to 192.168.0.2
-
That means that the client was trying to open a connection (SYN) to pfSense LAN, for whatever reason. That doesn't show it using pfSense to talk to the other client.
Look, this is basic networking. You asked for help. Why are you now arguing?
What are these clients? Windows? Linux? Mac?...
-
@HansSolo said in Having LAN issues related to a new switch:
So let's say I try to connect to 192.168.0.2 from 192.168.0.3.
I should see a log entry going at least to 192.168.0.2
No, you should not. Or at least not unless you've got a port-forward in place that NATs some external IP back into your LAN to the other client.
-
arguing?
My my. Am I coming across that way? Sry. Your help is appreciated.
I guess what's going on here is that the WG Fireboxes I came from ALWAYS logged this traffic.
I'm used to seeing it.
I guess it's just something else I have to adjust to.
Annnnnd maybe I just realized why it might have......hmmmm
But you're right....how can it log traffic that isn't going through it?
-
All I am saying is believe me when I tell you that inter-LAN comms go direct without hitting pfSense. Trust me. Now about those clients?
-
Windows
-
Windows firewall will automatically block traffic from a different subnet, but it should allow local traffic. As a test, disable the firewall on both clients and try your ping test again.
Perhaps your Wireguard was running its LAN interface in promiscuous mode and sucking up every packet it saw hitting its buffer.
-
@HansSolo said in Having LAN issues related to a new switch:
So let's say I try to connect to 192.168.0.2 from 192.168.0.3.
I should see a log entry going at least to 192.168.0.2
Incorrect. Traffic will not hit the firewall unless the destination is outside of 192.168.0.0/24. If both PCs are in the same subnet, you can disconnect pfSense altogether and the two devices will still communicate, because the switch is flooding the frame to all ports in the same broadcast domain and will forward the frame to the correct port once it learns the MAC address from the destination PC.
If you're having communication issues between two devices in the same subnet, you either have a Windows firewall issue or a configuration issue within the software/protocol that you're trying to communicate with.
When you say you cannot communicate between PCs... what exactly are you trying to do?
-
Never. I ALWAYS disabled Promiscuous mode.
But now I'm gonna go back and connect these two to that Firebox just to see.
I'm not sure HOW it logged that traffic. But it did.
-
Either the traffic was between different subnets, or the NIC was in promiscuous mode, or some other device was in promiscuous mode and relaying what it saw to the WG box. It has to be something special because tcp/ip works the same way everywhere. Local IPv4 clients find each other via ARP and talk direct.
-
Can you ping from one to the other? Have you disabled both firewalls and tried to ping?
I have to leave for a little bit. BBL.
-
@HansSolo said in Having LAN issues related to a new switch:
Just trying to get two PCs on a local network share.
As stated already this has ZERO to do with pfsense - ZERO... Other than it being your dhcp server I assume, when it comes to device A talking to B that are both on the same network... The router/gateway (pfsense) has ZERO to do with that conversation - zero!!
-
IF = Then.
If destination address lies within your subnet Then client one goes direct to client two.
If destination address lies outside your subnet Then the client traffic is directed at the gateway address. If and only then.
-
@HansSolo said in Having LAN issues related to a new switch:
Not only can I not communicate between these PC's
That has nothing to do with pfSense. Communication between devices on a local LAN does not pass through it.
-
@HansSolo
You typed in your original post that all IP addresses are set static. You should go and check all hosts to make sure you typed all the IP addresses in the same subnet and mask. Why don't you let pfsense DHCP all your network addresses? Then, if you put the hosts on the same physical network, they can all talk to each other, if set up properly.
Jeff
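The "if destination is inside my subnet, go direct; otherwise send to the gateway" rule above, and the static-address/mask check Jeff suggests, as an added example (not from anyone in this thread). The hosts are constructed for the thread's 192.168.0.0/24 scenario; one PC is given a deliberately mistyped mask to show how a typo makes a same-LAN SYN land on the pfSense LAN interface.

```python
from ipaddress import IPv4Address, IPv4Interface

# Constructed sample hosts modelled on the thread: a pfSense LAN gateway and
# two statically addressed PCs on 192.168.0.0/24. pc_a has a deliberately
# mistyped mask (/25 instead of /24).
HOSTS = {
    "pfsense": IPv4Interface("192.168.0.1/24"),
    "pc_a": IPv4Interface("192.168.0.3/25"),     # mask typo: /25
    "pc_b": IPv4Interface("192.168.0.130/24"),
}
GATEWAY = IPv4Address("192.168.0.1")


def next_hop(src: IPv4Interface, dst: IPv4Address, gateway: IPv4Address) -> str:
    """Decide where a host sends a packet addressed to dst.

    The host compares dst against its OWN address and mask only. Inside that
    prefix it ARPs for dst and the frame goes straight through the switch;
    outside it ARPs for the gateway and hands the frame to pfSense. Direct
    traffic never reaches the pfSense LAN interface, so it cannot be logged.
    """
    return "direct" if dst in src.network else str(gateway)


def check_pair(a: str, b: str, hosts=HOSTS, gateway=GATEWAY) -> str:
    """Classify how two hosts reach each other, in both directions."""
    fwd = next_hop(hosts[a], hosts[b].ip, gateway)
    rev = next_hop(hosts[b], hosts[a].ip, gateway)
    if fwd == rev == "direct":
        return "direct both ways"
    if fwd == "direct" or rev == "direct":
        # One side thinks the other is off-link: its SYN goes to pfSense (and
        # shows up in the LAN firewall log) while the reply comes back direct.
        return f"asymmetric ({a}->{b} via {fwd}, {b}->{a} via {rev})"
    return "both via gateway"


def mask_mismatches(hosts=HOSTS) -> list:
    """Return hosts whose configured network differs from the majority's."""
    nets = [h.network for h in hosts.values()]
    common = max(set(nets), key=nets.count)
    return sorted(name for name, h in hosts.items() if h.network != common)


if __name__ == "__main__":
    print(check_pair("pc_a", "pc_b"))   # asymmetric (...)
    print(mask_mismatches())            # ['pc_a']
```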
-
@JKnott said in Having LAN issues related to a new switch:
@HansSolo said in Having LAN issues related to a new switch:
Not only can I not communicate between these PC's
That has nothing to do with pfSense. Communication between devices on a local LAN does not pass through it.
right. Like I said, I think I was losing my mind that evening ;-)
thx
-
@akuma1x said in Having LAN issues related to a new switch:
@HansSolo
You typed in your original post that all IP addresses are set static. You should go and check all hosts to make sure you typed all the IP addresses in the same subnet and mask. Why don't you let pfsense DHCP all your network addresses? Then, if you put the hosts on the same physical network, they can all talk to each other, if set up properly.
Jeff
Jeff,
Good question.
LONG ago I set up two totally separate networks, OPT1 and OPT2, for various reasons. I never liked DHCP and never really needed it because my network doesn't have various users or devices coming and going. Everything is static and I like the control that you have with static IPs. That and I have some devices that I need to occasionally access remotely and they need to have static IPs.
-
You can still do that with DHCP and static reserved addresses in pfsense, really easy.
Jeff