Routing between two pfSense
-
Hello there,
I am trying to get two separate pfSense boxes to communicate with each other as they are the default GW for two separate networks.
They are hosted on two separate physical servers which have been connected directly together via Ethernet cable.
Below is a little diagram to help explain:
https://i.imgur.com/0iN7nnY.png
I have set up the interfaces to use a static IP (10.0.2.10 & 10.0.2.20) and firewall rules to allow all traffic on those interfaces:
https://i.imgur.com/r2esgwS.png
However, when I try to ping the other pfSense box using the appropriate interface I'm not seeing anything go across the interfaces.
Am I missing something obvious here? Selecting the appropriate interface in the left pfSense should be able to directly ping the other since they are connected directly?
I'm not seeing an entry in the ARP table in the left pfSense for the right one (10.0.2.10).
-
"I'm not seeing an entry in the ARP table in the left pfSense for the right one (10.0.2.10)."
Well, without the ability to ARP - it would never send the ping or any other form of traffic to an IP that is on its own network.
You have a connectivity issue if you put them on the same layer 2 and they cannot ARP for each other.
-
Thanks for your reply,
I have switched the ports around but they still seem unable to see each other - below is a capture from one of the interfaces - both interfaces have green lights and are showing as 1000baseT <full-duplex> in pfSense
```
12:42:22.533057 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:23.553164 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:24.573015 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:25.600799 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:26.616447 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:27.640076 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:28.653018 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:29.679155 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:30.193017 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:31.213010 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:32.239515 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:33.253957 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:34.273017 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
```
-
Well, you're seeing the ARP. Clearly pfSense doesn't think it has IP address 10.0.2.20 or it would answer the ARP.
Which interface is that on… You need to see if the other interface is seeing the traffic, not that the one side is sending.
-
Thanks I have got it working now.
One of my colleagues set the VLAN id to 2 without telling me so I had to make sure everything matched up - added some static routes and it's working now.
Cheers.
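
The check discussed in this thread (are ARP requests being answered, and do both ends of the link agree on VLAN tagging), as an added example that is not from any of the posters. It parses `tcpdump -e` text; the `RIGHT` capture and the MAC `00:0c:29:aa:bb:cc` are constructed, assuming the VLAN 2 setting from the last post showed up as tagged frames on the peer's parent interface.

```python
import re

REQ = re.compile(r"Request who-has (\S+) tell (\S+),")
REP = re.compile(r"Reply (\S+) is-at ([0-9a-f:]{17})")
VLAN = re.compile(r"\bvlan (\d+),")

def summarize(capture):
    """Map each ARP target IP to request/reply counts and the VLAN tags seen."""
    stats = {}
    for line in capture.splitlines():
        req, rep = REQ.search(line), REP.search(line)
        if not (req or rep):
            continue  # not an ARP line
        entry = stats.setdefault((req or rep).group(1),
                                 {"requests": 0, "replies": 0, "vlans": set()})
        entry["requests" if req else "replies"] += 1
        tag = VLAN.search(line)
        entry["vlans"].add(int(tag.group(1)) if tag else None)  # None = untagged
    return stats

def unanswered(capture):
    """Targets that were asked for but never replied within this capture."""
    return sorted(ip for ip, s in summarize(capture).items()
                  if s["requests"] and not s["replies"])

def tag_mismatch(side_a, side_b):
    """VLAN tags (None = untagged) used on one side of the link but not the other."""
    tags = lambda cap: set().union(*(s["vlans"] for s in summarize(cap).values()))
    return tags(side_a) ^ tags(side_b)

# First two lines of the capture posted in the thread (sender 10.0.2.20, untagged).
LEFT = """\
12:42:22.533057 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:23.553164 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
"""
# Constructed: what the peer's parent interface might show if it tags VLAN 2.
RIGHT = """\
12:42:22.801113 00:0c:29:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 2, p 0, ethertype ARP (0x0806), Request who-has 10.0.2.20 tell 10.0.2.10, length 28
"""

if __name__ == "__main__":
    print("unanswered on left: ", unanswered(LEFT))
    print("unanswered on right:", unanswered(RIGHT))
    print("tagging differs:    ", tag_mismatch(LEFT, RIGHT))
```

A non-empty result from `tag_mismatch` with unanswered requests on both sides points at a layer 2 tagging disagreement rather than a firewall rule.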