Can't Ping with static IP address inter vlans
-
Hello,
I'm currently setting up my lab, and I have a problem with routing between multiple VLANs.
I have a server on OVH (with ESXi), so I have my public IP, and I just added a failover IP with pfSense.
On my pfSense, I have 3 VLANs:
- LAN (just default LAN on 192.168.1.X).
- VLAN10 (tag 10): 10.0.10.20 - 200 with gateway 10.0.10.1 (but I haven't created a specific gateway in the gateway menu). DHCP enabled.
- VLAN20 (tag 20): 10.0.20.20 - 200 with gateway 10.0.20.1 (same as VLAN10). DHCP enabled.
Firewall rules are: VLAN10 to any, and VLAN20 to any.
On VLAN10, one DC: 10.0.10.20
On VLAN20, one server: 10.0.20.20
On each I can ping from VLAN10 to VLAN20 when the servers are on dynamic IPs (and inversely).
The problem is that when I change the IP to static on Windows (with the same IP as the dynamic one), I can't ping any servers.
From my DC (VLAN10), I can't ping my server on VLAN20 (and inversely).
No firewalls enabled on the servers.
Thx for your help !
-
Have you also added the gateway to the host manually when changing to static IP?
-
When I change the IP from dynamic to static, yes, I add:
10.0.10.20
255.0.0.0
10.0.10.1
and DNS itself because it's the DC / DNS server (127.0.0.1).
On my second server :
10.0.20.20
255.0.0.0
10.0.20.1
DNS: 10.0.10.20 (so the first server, the DC).
But ping is KO on static IP. It only works with dynamic IPs (and the same IPs).
Note: "Bypass firewall rules for traffic on the same interface" under System > Advanced, Firewall/NAT is checked.
-
Your network mask is too large!
So both clients think the other IP is in their own subnet and don't direct packets to the gateway.
-
Oh sorry!!! Yes, after modification it's OK now :)!
But now my problem is that on VLAN10 and VLAN20, I don't have internet access. When I ping 8.8.8.8 from my DC or the other one:
ping 8.8.8.8:
Reply from 10.0.10.1: Destination host unreachable.
To sum up, I can't get out past the VLAN10 / 20 gateway :(
-
Maybe the outbound NAT isn't working properly.
I don't know if pfSense adds the outbound NAT rule correctly for VLANs, or maybe your outbound NAT is set for manual rule generation. Check the rules in Firewall > NAT > Outbound.
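-
The netmask diagnosis given earlier in this thread, as an added example that is not part of any post: it models the on-link versus gateway decision a host makes from its static settings and audits a config against the VLAN plan. The /24 prefix per VLAN and the names `VLAN_PLAN`, `next_hop` and `audit_static_config` are assumptions of this example; the thread gives only the address ranges and gateways.

```python
import ipaddress

# Assumed VLAN plan: the thread gives gateways 10.0.10.1 and 10.0.20.1 but no
# prefix length, so /24 per VLAN is an assumption of this example.
VLAN_PLAN = {
    "VLAN10": ipaddress.ip_network("10.0.10.0/24"),
    "VLAN20": ipaddress.ip_network("10.0.20.0/24"),
}


def next_hop(host_ip, netmask, gateway, destination):
    """Return how a host with this static config delivers to destination.

    'on-link' means the host ARPs for the destination on its own segment and
    never hands the packet to the router; otherwise the gateway IP is returned.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    if ipaddress.ip_address(destination) in iface.network:
        return "on-link"
    return gateway


def audit_static_config(host_ip, netmask, gateway, plan=VLAN_PLAN):
    """List problems with a static config measured against the VLAN plan."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    home = next((n for n, net in plan.items() if iface.ip in net), None)
    if home is None:
        return [f"{host_ip} is not inside any planned VLAN"]
    problems = []
    if ipaddress.ip_address(gateway) not in plan[home]:
        problems.append(f"gateway {gateway} is outside {home} ({plan[home]})")
    for name, net in plan.items():
        # A mask wider than the VLAN makes other VLANs look directly attached.
        if name != home and iface.network.overlaps(net):
            problems.append(
                f"mask {netmask} makes {name} ({net}) look on-link; "
                f"traffic to it will never reach {gateway}")
    return problems


if __name__ == "__main__":
    # Addresses from the thread: the DC with its original mask, then a /24 mask.
    for mask in ("255.0.0.0", "255.255.255.0"):
        hop = next_hop("10.0.10.20", mask, "10.0.10.1", "10.0.20.20")
        print(mask, "->", hop, audit_static_config("10.0.10.20", mask, "10.0.10.1"))
```

With 255.0.0.0 the DC treats 10.0.20.20 as on-link, so the packet never reaches pfSense to be routed between VLANs; DHCP clients worked because they received the mask from the DHCP server.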