I can not reach my server
-
Good afternoon, I'm trying to build a network with the following topology:
The addresses I use are exactly the ones shown in the diagram. I want to reach my Ubuntu file server with the address 10.10.10.20. For example: I am inside the router in the interface with the address 192.168.1.1 and I try to ping my server but I can not. In the router everything is configured, including the route to the network 10.10.10.0/24 where the server is located. What is wrong or missing missing?
Ps: In pfsense I have not set any blocking rules yet. -
So your on router 192.168.1.1 and your trying to ping 10.10.10.20. IE your source of this traffic is 192.168.1.1?
And you turned off nat in pfsense?
You created a route in router that says 10.10.10.0/X go to 192.168.1.2
You created a firewall rule on pfsense wan 192.168.1/X that allow ICMP or whatever it is your trying to hit on 10.10.10.20.
Your 10.10.10.20 firewall will also allow this? Its default gateway is 10.10.10.1?
-
My traffic is 192.168.1.1
I turned off nat in pfsense.
I created a route in router that says 10.10.10.0/X go to 192.168.1.2
I created a firewall rule on pfsense wan 192.168.1/X that allow whatever to hit on 10.10.10.20
10.10.10.20 default gateway is 10.10.10.1
Still no signal. -
@utilizador_estagio said in I can not reach my server:
10.10.10.0/X go to 192.168.1.2
Show them!!
Users say they did X all the time when really ends up being not even Y but more like
This is clickity clickity works.. You can not even take the time to put in what you actually put in for route because it sure an the hell not 10.10.10.0/x would never work.
Even if you did do it wrong - it takes 2 seconds to troubleshoot. Sniff on pfsense wan do you see the traffic going to 10.10.10.20? Since of pfsense do you see traffic going to 10.10.10.20?
-
@utilizador_estagio What you posted seems correct but of course the devil is in the details. With no other activity, I'd do the pinging and notice whether the RJ45 LED on 192.168.1.2 even blinks, is ANYTHING hitting the box? or not getting out from router at all.
I don't know what router box you have but routing tables are similar to rules tables, they are evaluated top-to-bottom so if your routing table looks like:
(entry1) 0.0.0.0 0.0.0.0 WAN (any network, gateway=WAN)
(entry2) 10.10.10.0 255.255.255.0 192.168.1.2Then it never hits entry2.
Is there a traceroute function in the router box?
-
@sammywoo said in I can not reach my server:
they are evaluated top-to-bottom
No where would you have gotten that idea.. Routing tables are not like firewall rules. They are not looked at in "order" but which route is more specific to least specific and if routes are same in specificity then the metric would be used to determine which is used.
A specific route for a network would be used over default.
-
You can always use the route command to check which route is selected for a specific target:
$ route -n get default route to: 0.0.0.0 destination: 0.0.0.0 mask: 0.0.0.0 gateway: 86.115.0.1 fib: 0 interface: re0 flags: <UP,GATEWAY,DONE,STATIC> recvpipe sendpipe ssthresh rtt,msec mtu weight expire 0 0 0 0 1500 1 0And yes, routing table is looked up by matching the destination address to the table entries and selecting the closest match, order of the table entries makes no difference. For example if you have two entries like:
10.0.0.0/24 .... 10.0.0.10/32 ....The /32 entry would be selected for the target 10.0.0.10 because it is more specific, the netmask of the entry has more bits set in the network part of the mask.
Afaik FreeBSD/pfSense doesn't use metrics in its routing tables.
-
yes, i have to try Reset to factory defaults and login web gui now. i dont know why happen this.
