Routing working "randomly"



  • So, I have several VLANs.

    When I try to ping from a VLAN7 machine to a VLAN101 machine it doesn't work, no ping response.

    Pinging from pfSense to the VLAN101 machine works 100% of the time.

    Pinging from the VLAN7 machine to a VLAN226 machine also works.

    Firewall rules on all VLANs are the same (Allow all basically).

    I can't get my head around this…

    10.7.3.1 > 10.1.1.1: ICMP echo request, id 22, seq 24256, length 40
    03:04:10.117129 80:c1:6e:20:ae:ce > e8:39:35:2c:77:a8, ethertype IPv4 (0x0800), length 483: (tos 0x0, ttl 128, id 30308, offset 0, flags [none], proto UDP (17), length 469)

    no response

    10.7.3.1 > 10.226.1.10: ICMP echo request, id 22, seq 24147, length 40
    03:03:33.355102 e8:39:35:2c:77:a8 > 80:c1:6e:20:ae:ce, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 51718, offset 0, flags [none], proto ICMP (1), length 60)
        10.226.1.10 > 10.7.3.1: ICMP echo reply, id 22, seq 24147, length 40
    03:03:33.359265 80:c1:6e:20:ae:ce > e8:39:35:2c:77:a8, ethertype IPv4 (0x0800), length 824: (tos 0x0, ttl 128, id 30199, offset 0, flags [none], proto UDP (17), length 810)

    works perfectly….


  • LAYER 8 Global Moderator

    Well, maybe 10.1.1.1 doesn't answer ping.

    So I assume all these VLANs are directly attached to pfSense, and all clients in these networks use pfSense as their gateway.



  • Yes they are, but, like I said, if I do the ping from pfSense, from either the Web or SSH interface, the ping is 100% OK.

    [2.4.2-RELEASE][admin@]/root: ping 10.1.1.1
    PING 10.1.1.1 (10.1.1.1): 56 data bytes
    64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.260 ms
    64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.183 ms
    64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.186 ms
    64 bytes from 10.1.1.1: icmp_seq=3 ttl=64 time=0.184 ms
    64 bytes from 10.1.1.1: icmp_seq=4 ttl=64 time=0.188 ms
    64 bytes from 10.1.1.1: icmp_seq=5 ttl=64 time=0.179 ms
    ^C
    --- 10.1.1.1 ping statistics ---
    6 packets transmitted, 6 packets received, 0.0% packet loss


  • LAYER 8 Netgate

    If you do the ping from pfSense, the traffic is same-subnet.

    If you do it from another VLAN the traffic is from a remote subnet.

    Check the software/windows/symantec/etc firewall on the target node.



  • @Derelict:

    If you do the ping from pfSense, the traffic is same-subnet.

    If you do it from another VLAN the traffic is from a remote subnet.

    Check the software/windows/symantec/etc firewall on the target node.

    How does that work?

    The target does not have any firewall.

    And now I'm having another issue with a port forward, which seems not to be working at all… this is weird...
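
Added example (not part of the thread and not code from any poster): one way to check, from a capture taken on pfSense, which echo requests never received a reply. The sample lines are constructed in the format of the tcpdump output quoted in the first post, and the function name `unanswered_pings` is hypothetical.

```python
import re
from collections import defaultdict

# Matches the ICMP part of a tcpdump -n line, with or without -e/-v headers.
ICMP_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)"
)


def unanswered_pings(lines):
    """Return {target_ip: [seq, ...]} for echo requests with no matching reply."""
    pending = set()  # (client, target, icmp_id, seq) still waiting for a reply
    for line in lines:
        m = ICMP_RE.search(line)
        if not m:
            continue  # link-layer headers, UDP traffic, etc.
        src, dst, kind, ident, seq = m.groups()
        if kind == "request":
            pending.add((src, dst, ident, int(seq)))
        else:
            # A reply travels target -> client, so swap the addresses to match.
            pending.discard((dst, src, ident, int(seq)))
    missing = defaultdict(list)
    for _client, target, _ident, seq in pending:
        missing[target].append(seq)
    return {target: sorted(seqs) for target, seqs in missing.items()}


# Constructed sample, modelled on the captures in the thread.
SAMPLE = """\
    10.7.3.1 > 10.1.1.1: ICMP echo request, id 22, seq 24256, length 40
    10.7.3.1 > 10.226.1.10: ICMP echo request, id 22, seq 24147, length 40
    10.226.1.10 > 10.7.3.1: ICMP echo reply, id 22, seq 24147, length 40
    10.7.3.1 > 10.1.1.1: ICMP echo request, id 22, seq 24257, length 40
""".splitlines()

if __name__ == "__main__":
    for target, seqs in unanswered_pings(SAMPLE).items():
        print(f"{target}: no reply for seq {seqs}")
```

If the requests to 10.1.1.1 show up in a capture on the VLAN101 interface and no reply follows, pfSense has forwarded them and the loss is downstream of it (the target host or the path to it).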

