2 devices in the same network, 1 can ping outside other cannot, same firewall rules..
-
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
In my case there is no connectivity between the device and its directly connected interfaces, the Web GUI, nor any device or its gateway interface on the firewall.
This statement is confusing to me. If there is no connectivity between the devices how do you expect them to work? I'm obviously missing something from your description.
I think you also said you were running all of this on VMware Workstation. Running a hypervisor on top of a hypervisor (ESXi on top of VMware Workstation) is a little strange. That will set up with the virtual switches of ESXi having to cooperate with the virtual networks of VMware Workstation and Windows.
-
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
In my case there is no connectivity between the device and its directly connected interfaces, the Web GUI, nor any device or its gateway interface on the firewall.
This statement is confusing to me. If there is no connectivity between the devices how do you expect them to work? I'm obviously missing something from your description.
I'm talking about when the problem occurs, then there is no connectivity between the firewall and its directly connected interface, otherwise it works fine..
The Bogons network is set for Monthly but I could not find anything relating to IPv6 in Bogons settings
-
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
In my case there is no connectivity between the device and its directly connected interfaces, the Web GUI, nor any device or its gateway interface on the firewall.
This statement is confusing to me. If there is no connectivity between the devices how do you expect them to work? I'm obviously missing something from your description.
I think you also said you were running all of this on VMware Workstation. Running a hypervisor on top of a hypervisor (ESXi on top of VMware Workstation) is a little strange. That will set up with the virtual switches of ESXi having to cooperate with the virtual networks of VMware Workstation and Windows.
I did that to reduce the amount of resource needed to run vCenter inside ESXi which is being run on Workstation.
I understand but it works fine when all VMs are in the same network and no firewall needed.
-
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
In my case there is no connectivity between the device and its directly connected interfaces, the Web GUI, nor any device or its gateway interface on the firewall.
This statement is confusing to me. If there is no connectivity between the devices how do you expect them to work? I'm obviously missing something from your description.
I'm talking about when the problem occurs, then there is no connectivity between the firewall and its directly connected interface, otherwise it works fine..
The Bogons network is set for Monthly but I could not find anything relating to IPv6 in Bogons settings
The blocking is configured on a per-interface basis. So open INTERFACES and then look at each configured firewall interface to see if "Block Bogons" is enabled.
If you have the bug, the interval will be predictable.
I will say that sometime back I frequently had problems with a Linux VM inside of VMware Workstation on a Windows 10 host. I routinely left the VM running and VMware Workstation running, but after some period of time (say a day or even a few hours), when I opened up the VMware window and accessed the GUI of the Linux VM I would find it (the Linux VM) had zero network connectivity. I was using "bridged mode". The only way I could "fix" the VM without shutting down and restarting VMware Workstation was to call up the Virtual Network Editor in VMware Workstation and essentially delete and then recreate the virtual network adaptors. Then everything was fine.
That was a while back on a slightly older VMware Workstation. Maybe you are hitting that kind of problem? You may have something going whacky with your virtual network adapters on the host.
-
The blocking is configured on a per-interface basis. So open INTERFACES and then look at each configured firewall interface to see if "Block Bogons" is enabled.
If you have the bug, the interval will be predictable.
The Block Bogons checkbox is unchecked for all the 3 interfaces, except for WAN (the interface is disabled but the block bogons checkbox is checked).
I will say that sometime back I frequently had problems with a Linux VM inside of VMware Workstation on a Windows 10 host. I routinely left the VM running and VMware Workstation running, but after some period of time (say a day or even a few hours), when I opened up the VMware window and accessed the GUI of the Linux VM I would find it (the Linux VM) had zero network connectivity. I was using "bridged mode". The only way I could "fix" the VM without shutting down and restarting VMware Workstation was to call up the Virtual Network Editor in VMware Workstation and essentially delete and then recreate the virtual network adaptors. Then everything was fine.
That was a while back on a slightly older VMware Workstation. Maybe you are hitting that kind of problem?
Could be, just that I never faced the issue as I never implemented a firewall in Workstation, I could observe that for a while to see if that is the issue.
-
See what impact unchecking that bogons block on the WAN has. I'm thinking, though, that if you are experiencing the problem on an interval different than 15 minutes that the bug is not what is causing the problem.
Look in the pfSense system log to see what is getting logged around the time you lose the connectivity. There may be some clues there.
-
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
See what impact unchecking that bogons block on the WAN has. I'm thinking, though, that if you are experiencing the problem on an interval different than 15 minutes that the bug is not what is causing the problem.
Look in the pfSense system log to see what is getting logged around the time you lose the connectivity. There may be some clues there.
Thanks, I will observe that.
As for logs, are they accessible in /var/logs.. ?
-
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
See what impact unchecking that bogons block on the WAN has. I'm thinking, though, that if you are experiencing the problem on an interval different than 15 minutes that the bug is not what is causing the problem.
Look in the pfSense system log to see what is getting logged around the time you lose the connectivity. There may be some clues there.
Thanks, I will observe that.
As for logs, are they accessible in /var/logs.. ?
In the pfSense GUI under STATUS > SYSTEM MESSAGES.
-
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@huud said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
See what impact unchecking that bogons block on the WAN has. I'm thinking, though, that if you are experiencing the problem on an interval different than 15 minutes that the bug is not what is causing the problem.
Look in the pfSense system log to see what is getting logged around the time you lose the connectivity. There may be some clues there.
Thanks, I will observe that.
As for logs, are they accessible in /var/logs.. ?
In the pfSense GUI under STATUS > SYSTEM MESSAGES.
Thanks..
-
pfSense uses clog, a binary circular logging engine. So while the files are in /var/log, they are in a binary format. You need to either view them within the pfSense GUI or use the command-line clog utility to dump the logs.
Also note that the circular nature of the logging means you may need to go into the log settings and increase the number of displayed entries. The default is usually a bit small. While on the logs tab in the GUI, look for the Settings tab. That's where you can configure the logging engine.
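An added example, not part of the original post: one way to narrow a dumped log to the minutes around a connectivity loss, as suggested earlier in the thread. It assumes the text output of `clog /var/log/system.log` uses the usual syslog timestamp layout; `log_window` and `sample_log` are hypothetical helper names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: keep only syslog lines within +/- N minutes of an outage.
# On the firewall:  clog /var/log/system.log | log_window "Mar 3" 14:05 10
# log_window and sample_log are hypothetical helper names.

log_window() {
    day="$1"            # month and day as logged, e.g. "Mar 3"
    at="$2"             # HH:MM when connectivity was lost
    window="${3:-10}"   # minutes to keep on either side
    awk -v day="$day" -v at="$at" -v win="$window" '
        BEGIN {
            split(day, d, " ")
            split(at, t, ":")
            centre = t[1] * 60 + t[2]
        }
        # Syslog layout: "Mon DD HH:MM:SS host process: message"
        $1 == d[1] && ($2 + 0) == (d[2] + 0) {
            split($3, hms, ":")
            diff = hms[1] * 60 + hms[2] - centre
            if (diff < 0) diff = -diff
            if (diff <= win) print   # same-day only; no midnight wrap
        }
    '
}

# Constructed sample lines in the text form clog prints.
sample_log() {
    cat <<'EOF'
Mar  3 13:30:02 pfSense php-fpm[312]: /index.php: Successful login
Mar  3 13:58:40 pfSense kernel: em1: link state changed to DOWN
Mar  3 14:05:12 pfSense check_reload_status: Linkup starting em1
Mar  3 14:14:59 pfSense kernel: em1: link state changed to UP
Mar  3 14:40:00 pfSense sshd[901]: Accepted publickey for admin
Mar  4 14:05:00 pfSense kernel: em1: link state changed to DOWN
EOF
}

sample_log | log_window "Mar 3" 14:05 10
```

Because the log is circular, run the dump soon after the outage; older entries may already have been overwritten.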
-
@bmeeks said in 2 devices in the same network, 1 can ping outside other cannot, same firewall rules..:
pfSense uses clog, a binary circular logging engine. So while the files are in /var/log, they are in a binary format. You need to either view them within the pfSense GUI or use the command-line clog utility to dump the logs.
Also note that the circular nature of the logging means you may need to go into the log settings and increase the number of displayed entries. The default is usually a bit small. While on the logs tab in the GUI, look for the Settings tab. That's where you can configure the logging engine.
Appreciate clarifying that..
-
I can confirm that the network connectivity loss is due to pausing of the firewall VM, and that once a firewall is restarted connectivity is restored.
-
Hi,
Just wanted to know if there is a way to turn off firewall filtering but keep the LAN devices in communication, if yes how ?
As I don't need firewalling, I just need the routing part.
Thanks..