LAN - WAN : Errors
-
Hello, I am trying to set up pfSense.
My server in the LAN zone cannot access the Internet. I tried multiple pings with the different equipment (router, laptop, server).
I have two errors:
- Request timed out
- TTL expired in transit
Here is a diagram of the infrastructure
An array of ping tests
What more can I test?
Thanks in advance :)
-
@gaudouy
Are you routing or NATing between the WAN and LAN on the pfSense?
-
Thanks for your response @conor
I'm doing routing.
I have two different networks 192.168.1.0 (WAN) and 192.168.2.0 (LAN). I did not set up a static route.
There is no rule in the firewall. Everything is allowed.
In the section Diagnostics / Routes, why do I see link#?
Is that the problem?
In pfSense, I have this conf:
-
Starting with the laptop...
If you are doing routing, that means that SRV-1's ping will reach Laptop-1 with a source IP of 192.168.2.240. This is outside of Laptop-1's subnet, so it will send the response to 192.168.1.1. So if the router 192.168.1.1 doesn't have a route for the 192.168.2.0 network, it will send the reply ping out of the network onto the web.
Assuming that the laptop firewall is off or allowing ICMP pings.
-
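The return-path reasoning in the reply above, as an added example that is not part of the original thread: a small longest-prefix-match simulation of where Laptop-1's echo reply goes with and without a static route for 192.168.2.0/24 on RT-1. Laptop-1's address (192.168.1.50) and the pfSense WAN address (192.168.1.254) are assumed values that the thread does not state.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace(tables, owners, start, dst, ttl=8):
    """Forward a packet hop by hop from `start`; return (path, outcome)."""
    node, path = start, [start]
    while ttl > 0:
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop == "internet":
            return path, "sent to internet"
        # "connected": destination is on-link; otherwise hand over to the gateway.
        node = owners[dst] if hop == "connected" else owners[hop]
        path.append(node)
        if hop == "connected":
            return path, "delivered"
        ttl -= 1  # each router hop costs one TTL; a routing loop ends here
    return path, "TTL expired in transit"

# Addresses marked "assumed" are not stated in the thread.
LAPTOP, PFSENSE_WAN = "192.168.1.50", "192.168.1.254"   # assumed
RT1, SRV1 = "192.168.1.1", "192.168.2.240"              # from the thread
OWNERS = {LAPTOP: "Laptop-1", RT1: "RT-1", PFSENSE_WAN: "pfSense", SRV1: "SRV-1"}

def reply_path(rt1_has_static_route):
    """Path of Laptop-1's echo reply back to SRV-1 (routed, no NAT)."""
    rt1 = {"192.168.1.0/24": "connected", "0.0.0.0/0": "internet"}
    if rt1_has_static_route:
        rt1["192.168.2.0/24"] = PFSENSE_WAN
    tables = {
        "Laptop-1": {"192.168.1.0/24": "connected", "0.0.0.0/0": RT1},
        "RT-1": rt1,
        "pfSense": {"192.168.1.0/24": "connected",
                    "192.168.2.0/24": "connected", "0.0.0.0/0": RT1},
    }
    return trace(tables, OWNERS, "Laptop-1", SRV1)

if __name__ == "__main__":
    for static in (False, True):
        print("static route on RT-1:", static, "->", reply_path(static))
```

Without the static route the reply leaves via RT-1's default route and SRV-1 sees "Request timed out"; the TTL guard in `trace` is what a forwarding loop between two routers would hit.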
@gaudouy said in LAN - WAN : Errors:
In the section Diagnostics / Routes why I see link# ?
That default route points to the interface rather than the upstream router, but that value doesn't tie in with the screen shot below it, that's weird.
-
-
In regards to the "links" question:
https://www.freebsd.org/doc/en/books/handbook/network-routing.html
-
@gaudouy said in LAN - WAN : Errors:
RT-1 have a route for 192.168.2.0/24.
I'd run a tcpdump on the WAN interface as you are pinging from SRV-1 to Laptop-1 and check the packets' source and destination addresses. Also check for replies coming from the laptop.
-
Thanks, I will read the documentation
-
Are you checking 8.8.8.8 as the DNS?
Can you post a screen shot of: "System > General Setup" please
-
@conor Thanks, I will check it
-
Also, for gateways, normally you would only have the WAN interface with an entry. I'd remove the LAN gateway; make sure on the LAN interface there is no gateway set.
-
@conor
In System > General Setup, I have:
-
Ok remove the LAN side gateway then reboot and send on a screenshot of Diagnostics / Routes please
-
@conor
I have removed the LAN Gateway and ... Tadaaam!
PING SRV-1 to RT-1
ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
and SRV-1 to DNS:
ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
Reply from 8.8.8.8: bytes=32 time=13ms TTL=54
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 14ms, Average = 13ms
Thank you very much for your help