Accessing LAN from OPT1



  • I'm posting on the general forum, but I have to note that my pfSense installation is on a VM, I think this is not the source of the problem, but as I'm quite new I also can't discard anything...

    I have pfSense running as a qemu VM on an Ubuntu host. The host is running on a NUC, with an integrated Realtek NIC and a USB NIC (AX88179).

    The USB NIC is connected to the pfSense WAN, the integrated NIC to the pfSense LAN and I have a openvswitch bridge connected to OPT1 just for the Ubuntu host.

    I hope this provides a better idea of what I'm trying to do:

    network

    The VM itself seems to work fine, pfSense is able to route traffic from LAN to WAN and from OPT1 to WAN. But I can't access the Ubuntu Server from my LAN or any LAN devices from the Ubuntu Server.

    If I try to ping my LAN switch from the pfSense VM it works, and I have internet on my LAN
    If I try to ping my Ubuntu server from pfSense it works and I have internet on my server
    I can access the server from internet to the ports that I have forwarded
    If I try to ping my LAN switch from the Ubuntu Server I don't get any reply and nothing gets captured if I go to Diagnostics->Packet capture and try to capture on the OPT1 interface

    WAN rules

    Protocol 	Source 	Port 	Destination 	Port 		Gateway 	Queue 	Schedule 	Description
    IPv4 TCP 	* 	* 	192.168.2.2 	80 (HTTP) 	* 		none 			NAT 	
    IPv4 TCP 	* 	* 	192.168.2.2 	443 (HTTPS) 	* 		none 			NAT 	
    

    LAN rules

    Protocol 	Source 	Port 	Destination 	Port 		Gateway 	Queue 	Schedule 	Description
    * 		* 	* 	LAN Address 	80 		* 		* 			Anti-Lockout Rule 	
    IPv4 * 		* 	* 	OPT1 net 	* 		* 		none 	  		Allow from LAN to OPT1 	
    IPv4 * 		* 	* 	* 		* 		* 		none 	  		Allow all
    

    OPT1 rules

    Protocol 	Source 	Port 	Destination 	Port 		Gateway 	Queue 	Schedule 	Description
    IPv4 * 		* 	* 	LAN net 	* 		*	 	none 	  		Allow from OPT1 to LAN
    IPv4 * 		* 	* 	* 		* 		* 		none 	  		Allow all
    

    I have followed several post here with similar problems, most of them where related to the LAN/OPT1 rules or firewalls on the devices. As of firewall on the Ubuntu server, I have it disabled, and as of rules I have tried everything... I have left the rules to expressively allow OPT1 traffic to LAN and vice-versa, but they don't seem to get any traffic.


  • Netgate Administrator

    What IP does the Ubuntu server itself have? 192.168.2.2? How is it getting that IP?

    Can you ping LAN clients from pfSense if you specify the OPT1 address as source?

    Steve



  • It's 192.168.2.2 yes, and is set as an static IP, my /etc/network/interfaces is this:

    # WAN interface
    auto eth0
    iface eth0 inet static
        address 0.0.0.0
    
    #LAN interface
    auto eth1
    iface eth1 inet static
        address 0.0.0.0
    
    #OPT1 interface
    auto br0
    iface br0 inet static
        address 192.168.2.2
        network 192.168.2.0
        netmask 255.255.0.0
        gateway 192.168.2.1
    

    I think I already tried DHCP but I will try again

    If I ping by specifying OPT1 as address source it doesn't respond!, I'm sorry but I don't know what I can conclude from this ☹


  • Netgate Administrator

    Your network mask is too big, it's /16 so the Ubuntu server is trying to ARP for LAN clients directly.

    Set it to /24 and you should be good.

    Steve



  • Thanks for your quick replies!

    I changed the netmask to /24 and rebooted just to be sure... unfortunately I'm still not able to ping neither from my Ubuntu host or from pfSense directly if I set the OPT1 as the address source


  • Netgate Administrator

    Ok, check the other subnet masks on other devices and in pfSense. The LAN should be /24 as well but if something there is also /16 it will fail.

    Steve



  • All interfaces in pfSense have /24 mask, also the switch and a windows PC connected to it, and I have also tried to set the Ubuntu host br0 IP with dhcp instead of static IP, but I'm still unable to ping the switch from OPT1



  • Ok, some progress! sorry if this is obvious for someone with networking knowledge, but I found out that now I can ping my smart TV (on LAN and gets IP from pfSense ) from my ubuntu server!

    I don't really know if I could do that when I had static IP on the ubuntu server, but I still can't ping the switch that has static IP.



  • Check your IP settings in the switch, make sure netmask and gateway are right.



  • That was it! I had not entered the gateway on the switch! Thanks for the help! It seems that I have a lot to learn, I was sure I had something configured wrong with pfSense ☺


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy