    Can't Ping with static IP address inter vlans

    Routing and Multi WAN
      sousket last edited by

      Hello,

      I'm currently setting up my lab, and I have a problem with multi-VLAN routing.

      I have a server on OVH (with ESXi), so I have my public IP, and I just added a failover IP with pfSense.

      On my pfSense, I have 3 VLANs:

      • LAN (just default LAN on 192.168.1.X).
      • VLAN10 (tag 10): 10.0.10.20 - 200 with gateway 10.0.10.1 (but I haven't created a specific gateway in the gateway menu). DHCP enabled.
      • VLAN20 (tag 20): 10.0.20.20 - 200 with gateway 10.0.20.1 (same as VLAN10). DHCP enabled.

      Firewall rules are: VLAN10 to any, and VLAN20 to any

      On VLAN10, one DC: 10.0.10.20
      On VLAN20, one server: 10.0.20.20

      From each, I can ping from VLAN10 to VLAN20 when the servers are on dynamic IPs (and inversely).

      The problem is that when I change the IP to static on Windows (with the same IP as the dynamic one), I can't ping any servers.

      From my DC (VLAN10), I can't ping my server on VLAN20 (and inversely).

      No firewalls enabled on the servers.

      Thanks for your help!

        viragomann last edited by

        Have you also added the gateway to the host manually when changing to static IP?

          sousket last edited by

          When I change the IP from dynamic to static, yes, I add:

          10.0.10.20
          255.0.0.0
          10.0.10.1

          and DNS is itself because it's the DC / DNS server (127.0.0.1).

          On my second server:

          10.0.20.20
          255.0.0.0
          10.0.20.1

          DNS: 10.0.10.20 (so the first server, the DC).

          But ping is KO on static IP. It only works with dynamic IP (and the same IP).

          Note: "Bypass firewall rules for traffic on the same interface" under System > Advanced, Firewall/NAT is checked.

            viragomann last edited by

            Your network mask is too large!
            So both clients think the other IP is in their own subnet and don't direct packets to the gateway.

            1 Reply Last reply Reply Quote 0
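The mask problem described in the reply above, as an added example that is not part of the original thread: it models a host's on-link versus gateway decision for the addresses posted and audits a static configuration against the VLAN prefix. The /24 prefixes in `VLANS` and the function names are assumptions; the thread gives only the pools and gateways.

```python
import ipaddress

# Assumption: each VLAN is a /24; the thread lists only pools and gateways.
VLANS = {"VLAN10": "10.0.10.0/24", "VLAN20": "10.0.20.0/24"}


def next_hop(host_ip, netmask, gateway, dest_ip):
    """Return where an IPv4 host sends a packet for dest_ip.

    A destination inside the host's own network (as defined by its mask)
    is resolved with ARP on the local segment; the gateway is never used.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    if ipaddress.ip_address(dest_ip) in iface.network:
        return "on-link"
    return f"via {gateway}"


def audit_static(host_ip, netmask, gateway, vlan_cidr):
    """List mismatches between a hand-typed static config and the VLAN prefix."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    vlan = ipaddress.ip_network(vlan_cidr)
    findings = []
    if iface.ip not in vlan:
        findings.append(f"{iface.ip} is outside {vlan}")
    if iface.network.prefixlen < vlan.prefixlen:
        findings.append(
            f"mask /{iface.network.prefixlen} is wider than VLAN /{vlan.prefixlen}: "
            "hosts in other VLANs look on-link, so traffic never reaches the gateway"
        )
    elif iface.network.prefixlen > vlan.prefixlen:
        findings.append(
            f"mask /{iface.network.prefixlen} is narrower than VLAN /{vlan.prefixlen}: "
            "some same-VLAN hosts are sent to the gateway"
        )
    if ipaddress.ip_address(gateway) not in iface.network:
        findings.append(f"gateway {gateway} is not on-link for {iface.network}")
    return findings


if __name__ == "__main__":
    # Values posted in the thread, plus the assumed /24 mask for comparison.
    for mask in ("255.0.0.0", "255.255.255.0"):
        hop = next_hop("10.0.10.20", mask, "10.0.10.1", "10.0.20.20")
        issues = audit_static("10.0.10.20", mask, "10.0.10.1", VLANS["VLAN10"])
        print(f"{mask}: 10.0.10.20 -> 10.0.20.20 goes {hop}; findings: {issues}")
```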
              sousket last edited by

              Oh sorry!!! Yes, after the modification it's OK now :) !

              But now my problem is that on VLAN10 and VLAN20, I don't have internet access. When I ping 8.8.8.8 from my DC or the other one:

              ping 8.8.8.8 :
              Reply from 10.0.10.1: Destination host unreachable.

              To summarize, I can't get out through the VLAN10 / 20 gateway :(

                viragomann last edited by

                Maybe the outbound NAT isn't working properly.

                I don't know if pfSense adds the outbound NAT rule correctly for VLANs, or maybe your outbound NAT is set for manual rule generation. Check the rules in Firewall > NAT > Outbound.
