Accessing LAN from OPT1
-
I'm posting on the general forum, but I have to note that my pfSense installation is on a VM. I think this is not the source of the problem, but as I'm quite new I also can't discard anything...
I have pfSense running as a qemu VM on an Ubuntu host. The host is running on a NUC, with an integrated Realtek NIC and a USB NIC (AX88179).
The USB NIC is connected to the pfSense WAN, the integrated NIC to the pfSense LAN and I have an openvswitch bridge connected to OPT1 just for the Ubuntu host.
I hope this provides a better idea of what I'm trying to do:
The VM itself seems to work fine, pfSense is able to route traffic from LAN to WAN and from OPT1 to WAN. But I can't access the Ubuntu Server from my LAN or any LAN devices from the Ubuntu Server.
If I try to ping my LAN switch from the pfSense VM it works, and I have internet on my LAN
If I try to ping my Ubuntu server from pfSense it works and I have internet on my server
I can access the server from internet to the ports that I have forwarded
If I try to ping my LAN switch from the Ubuntu Server I don't get any reply and nothing gets captured if I go to Diagnostics->Packet capture and try to capture on the OPT1 interface

WAN rules

| Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| IPv4 TCP | * | * | 192.168.2.2 | 80 (HTTP) | * | none | | NAT |
| IPv4 TCP | * | * | 192.168.2.2 | 443 (HTTPS) | * | none | | NAT |

LAN rules

| Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| * | * | * | LAN Address | 80 | * | * | | Anti-Lockout Rule |
| IPv4 * | * | * | OPT1 net | * | * | none | | Allow from LAN to OPT1 |
| IPv4 * | * | * | * | * | * | none | | Allow all |

OPT1 rules

| Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| IPv4 * | * | * | LAN net | * | * | none | | Allow from OPT1 to LAN |
| IPv4 * | * | * | * | * | * | none | | Allow all |

I have followed several posts here with similar problems; most of them were related to the LAN/OPT1 rules or firewalls on the devices. As for the firewall on the Ubuntu server, I have it disabled, and as for rules I have tried everything... I have left the rules to expressly allow OPT1 traffic to LAN and vice versa, but they don't seem to get any traffic.
-
What IP does the Ubuntu server itself have? 192.168.2.2? How is it getting that IP?
Can you ping LAN clients from pfSense if you specify the OPT1 address as source?
Steve
-
It's 192.168.2.2 yes, and is set as a static IP, my /etc/network/interfaces is this:

    # WAN interface
    auto eth0
    iface eth0 inet static
        address 0.0.0.0

    # LAN interface
    auto eth1
    iface eth1 inet static
        address 0.0.0.0

    # OPT1 interface
    auto br0
    iface br0 inet static
        address 192.168.2.2
        network 192.168.2.0
        netmask 255.255.0.0
        gateway 192.168.2.1

I think I already tried DHCP but I will try again
If I ping by specifying OPT1 as address source it doesn't respond! I'm sorry, but I don't know what I can conclude from this.
-
Your network mask is too big, it's /16 so the Ubuntu server is trying to ARP for LAN clients directly.
Set it to /24 and you should be good.
Steve
-
Thanks for your quick replies!
I changed the netmask to /24 and rebooted just to be sure... unfortunately I'm still not able to ping either from my Ubuntu host or from pfSense directly if I set the OPT1 as the address source.
-
Ok, check the other subnet masks on other devices and in pfSense. The LAN should be /24 as well but if something there is also /16 it will fail.
Steve
-
All interfaces in pfSense have /24 mask, also the switch and a Windows PC connected to it, and I have also tried to set the Ubuntu host br0 IP with DHCP instead of static IP, but I'm still unable to ping the switch from OPT1.
-
Ok, some progress! Sorry if this is obvious for someone with networking knowledge, but I found out that now I can ping my smart TV (on LAN and gets IP from pfSense) from my Ubuntu server!
I don't really know if I could do that when I had static IP on the Ubuntu server, but I still can't ping the switch that has static IP.
-
Check your IP settings in the switch, make sure netmask and gateway are right.
-
That was it! I had not entered the gateway on the switch! Thanks for the help! It seems that I have a lot to learn, I was sure I had something configured wrong with pfSense
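
Added illustration, not part of the thread: a small model of the two faults found above, a /16 mask that makes the server ARP directly for LAN hosts, and a switch with no gateway that cannot send its reply back. The 192.168.2.x values come from the posts; the LAN subnet (192.168.1.0/24), the TV and switch addresses, and all function names are assumptions.

```python
import ipaddress

def next_hop(host, dst_ip):
    """Where does `host` send a packet for dst_ip? 'direct' means ARP on its own wire."""
    net = ipaddress.ip_interface(f"{host['ip']}/{host['mask']}").network
    if ipaddress.ip_address(dst_ip) in net:
        return "direct"
    return host["gateway"]  # None models an empty gateway field

def one_way(src, dst, router):
    """Can one packet get from src to dst? router maps segment -> pfSense address there."""
    hop = next_hop(src, dst["ip"])
    if hop == "direct":
        # ARP is only answered if dst really sits on the same layer-2 segment
        return "ok" if src["segment"] == dst["segment"] else "ARPs for a host on another segment"
    if hop is None:
        return "no gateway set"
    return "ok" if hop == router[src["segment"]] else "gateway is not the router"

def ping(src, dst, router):
    """A ping needs the request and the reply to both find a path."""
    request = one_way(src, dst, router)
    if request != "ok":
        return f"request lost: {src['name']} {request}"
    reply = one_way(dst, src, router)
    if reply != "ok":
        return f"reply lost: {dst['name']} {reply}"
    return "ok"

# 192.168.2.x values are from the thread; every LAN-side address is assumed.
ROUTER = {"OPT1": "192.168.2.1", "LAN": "192.168.1.1"}

def host(name, ip, mask, gateway, segment):
    return dict(name=name, ip=ip, mask=mask, gateway=gateway, segment=segment)

ubuntu_16 = host("ubuntu", "192.168.2.2", "255.255.0.0", "192.168.2.1", "OPT1")
ubuntu_24 = host("ubuntu", "192.168.2.2", "255.255.255.0", "192.168.2.1", "OPT1")
tv = host("tv", "192.168.1.50", "255.255.255.0", "192.168.1.1", "LAN")
switch_no_gw = host("switch", "192.168.1.2", "255.255.255.0", None, "LAN")
switch_fixed = host("switch", "192.168.1.2", "255.255.255.0", "192.168.1.1", "LAN")

if __name__ == "__main__":
    for src, dst in [(ubuntu_16, tv), (ubuntu_24, tv),
                     (ubuntu_24, switch_no_gw), (ubuntu_24, switch_fixed)]:
        print(f"{src['ip']}/{src['mask']} -> {dst['name']}: {ping(src, dst, ROUTER)}")
```

The third case is why the packet capture and firewall rules looked innocent: the request reaches the switch, but the reply never leaves it.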