Netgate Discussion Forum

    Inter-VLAN routing goes out WAN?

      dansherman

      I have several VLANs set up, and everything was working perfectly until I rebooted the systems (to move them to a new UPS). Now, the VLANs cannot reach each other (where they could before).

      For example, the pfSense box is 10.0.10.1 and 10.0.20.1. My workstation is 10.0.10.10 on VLAN 10. The FreePBX server is 10.0.20.2 on VLAN 20.
      The workstation and FreePBX server both pulled IPs from the DHCP server as expected.
      From pfSense I can ping both IPs as expected. The route tables look correct:

      But pinging from FreePBX to the workstation returns:

      [root@phones ~]# ping 10.0.10.10
      PING 10.0.10.10 (10.0.10.10) 56(84) bytes of data.
      From 74.42.151.81 icmp_seq=1 Destination Net Unreachable
      

      Pinging from the workstation to FreePBX returns:

      [~] ⇛ ping 10.0.20.2
      PING 10.0.20.2 (10.0.20.2): 56 data bytes
      Request timeout for icmp_seq 0
      Request timeout for icmp_seq 1
      Request timeout for icmp_seq 2
      Request timeout for icmp_seq 3
      Request timeout for icmp_seq 4
      Request timeout for icmp_seq 5
      Request timeout for icmp_seq 6
      36 bytes from ae2---0.car01.mond.mn.frontiernet.net (74.42.151.81): Destination Net Unreachable
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 5400 50bf   0 0000  3e  01 f9de 10.0.10.10  10.0.20.2
      

      Traceroutes (in either direction) show:

      [~] ⇛ traceroute 10.0.20.2
      traceroute to 10.0.20.2 (10.0.20.2), 64 hops max, 52 byte packets
       1  static-74-42-XXX-XXX.dsl1.mond.mn.frontiernet.net (74.42.XXX.XXX)  0.693 ms  0.496 ms  0.451 ms
       2  adr01.mond.mn.frontiernet.net (74.42.148.222)  5.796 ms  5.443 ms  5.740 ms
       3  ae2---0.car01.mond.mn.frontiernet.net (74.42.151.81)  5.434 ms !N  5.347 ms !N  5.437 ms !N
      

      If it were just a timeout, or "Destination Net Unreachable", I'd assume my firewall rules were broken, but since pings are redirected outside the LAN I think it might be something else. The 74.42.151.81 address is on the same /16 as my IP, but it's not anything I'm familiar with.

      Any thoughts?

        johnpoz LAYER 8 Global Moderator

        And what are your rules on your LAN - are you forcing traffic out a gateway?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 25.07

          dansherman

          Found it!

          I have two WAN connections, and the failover rules were misconfigured. Instead of keeping all local traffic, it was sending anything not in its own /24 out the DSL line. I fixed it by using an alias for my local VLANs instead of the incorrect "network" match.

          All better now, thanks.

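The misconfiguration and fix described in the last post, modelled as an added example (not code from the thread or from pfSense): a first-match rule evaluator plus an audit that flags gateway rules able to capture traffic to a local VLAN. The two-rule layout, the rule names and the gateway group name WAN_FAILOVER are assumptions; only the addresses come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model of the thread's addressing; rule and gateway names are hypothetical.
VLAN10_NET = ["10.0.10.0/24"]                      # the interface's own "network" match
LOCAL_VLANS = ["10.0.10.0/24", "10.0.20.0/24"]     # alias listing every local VLAN
ANY = ["0.0.0.0/0"]

@dataclass
class Rule:
    name: str
    dst: list                      # destination networks
    invert: bool = False           # "Invert match" on the destination
    gateway: Optional[str] = None  # None: follow the firewall's own routing table

def _nets(rule):
    return [ipaddress.ip_network(n) for n in rule.dst]

def route_for(rules, dst_ip):
    """First matching rule wins; return where that rule sends the packet."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if any(addr in n for n in _nets(rule)) != rule.invert:
            return rule.gateway or "routing table"
    return "blocked"

def leaking_rules(rules, local_nets):
    """(rule, local net) pairs where a gateway rule can capture local traffic."""
    findings = []
    for net in map(ipaddress.ip_network, local_nets):
        for rule in rules:
            inside = any(net.subnet_of(n) for n in _nets(rule))
            touches = any(net.overlaps(n) for n in _nets(rule))
            can_match = (not inside) if rule.invert else touches
            takes_all = (not touches) if rule.invert else inside
            if can_match and rule.gateway:
                findings.append((rule.name, str(net)))
            if takes_all:
                break              # later rules never see traffic to this net
    return findings

POLICY = Rule("everything else via failover", ANY, gateway="WAN_FAILOVER")
BROKEN = [Rule("keep local", VLAN10_NET), POLICY]   # matches only its own /24
FIXED = [Rule("keep local", LOCAL_VLANS), POLICY]   # matches the alias of all VLANs

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, route_for(rules, "10.0.20.2"), leaking_rules(rules, LOCAL_VLANS))
```

Running the audit against an exported rule list after any gateway-group change catches this class of leak before inter-VLAN traffic is handed to the ISP.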