Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PROBLEM HITTING HOST

    Firewalling
    2
    4
    208
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xlameee last edited by xlameee

      Hello

      I have run into a confusion

      I have interface "SERVERS"
      VLAN 12
      VIP IP 10.12.12.1
      MASTER : 10.12.12.2
      BACKUP : 10.12.12.3

      and

      Interface "STORAGE"
      VLAN 70
      VIP IP 10.72.70.1
      MASTER : 10.72.70.2
      BACKUP : 10.72.70.3

      RULES ON SERVERS interface are ANY TO ANY
      RULES ON THE STORAGE interface are PASS ICMP from STORAGE NET to any
      and REJECT STORAGE NET TO ANY just for logging

      When I tried to ping host let say 10.72.70.4 I've got time out
      but I can ping the VIP and an active Firewall in the HA cluster

      I can't seems to be able to go past the gateway of the STORAGE interface from any interface

      I should be missing something very simple in that puzzle :)

      Thank you

      EDIT: I just tuned on the DHCP on this interface and I've got an IP address to the host and I can mange from this interface but when I go static IP the IP does not show in nmap -sP request
      sorry I forgot to say that my storage Interface I have a freenas only installed

      OK I used pfsense diagnostics tools to ping that host when I try from STORAGE as a source address no problem but from any other interface I've got time out
      It is showing on the arp table, but why I can't get to this interface from any other I don't get it they all have ANY TO ANY Rule

      ?????????????????

      Only when this host get IP from DHCP everything is working fine

      X 1 Reply Last reply Reply Quote 0
      • X
        xlameee @xlameee last edited by

        ANYONE????????

        1 Reply Last reply Reply Quote 0
        • Gertjan
          Gertjan last edited by

          Nope.
          It's still a puzzle.
          Add a network schema. Interface names, firewall rules, settings. Everything you took from default.
          Something to work with.

          No "help me" PM's please. Use the forum.

          X 1 Reply Last reply Reply Quote 0
          • X
            xlameee @Gertjan last edited by

            @gertjan hello

            I took from default a lot.

            RULES : for STORAGE INTERFACE Reject ANY TO ANY just for logging
            and PASS ICMP from STORAGE Net to ANY

            RULES FOR SERVERS Interface PASS SERVERS Net TO ANY

            This is a downstream network the FreeNAS is connected to an upstream network 192.168.10.0/24 the gateway and dns servers are set to an upstream network 192.168.10.1/24

            the WebGUI IPv4 Address is set to 0.0.0.0 witch mean I can manage the webGUI from any interface or I should be able to do so.

            the interface STORAGE on the FreeNAS is pointed to a downstream network 10.72.70.0/27 to provide an SMB share for all downstream networks

            What I was trying to do is start managing it from the downstream network 10.72.70.0/27 because I am going to remove it from the upstream network.

            I called upstream network but is actually my old 1Gb network and I am moving into a 40Gb and I am transferring all hosts to my new network

            What else puzzles me host can ping the upstream network but not the other one

            Thank you

            1 Reply Last reply Reply Quote 0
            • First post
              Last post