LAN - WAN : Errors



  • Hello,

    Hello, I am trying to set up pfSense.
    My server in the LAN zone cannot access the Internet.

    I tried multiple pings with the different equipment (router, laptop, server).
    I have two errors:

    • Request timed out
    • TTL expired in transit

    Here is a diagram of the infrastructure
    schema.jpg

    An array of ping tests
    tableau.jpg

    What can I test more?

    Thanks in advance :)



  • @gaudouy
    Are you routing or NATing between the WAN and LAN on the pfSense?



  • Thanks for your response @conor

    I'm doing routing.

    I have two different networks 192.168.1.0 (WAN) and 192.168.2.0 (LAN). I did not set up a static route.
    There is no rule in the firewall. Everything is allowed.

    In the section Diagnostics / Routes, why do I see link#?
    routes.jpg

    Is that the problem?

    In pfSense, I have this conf:

    config route.jpg



  • Starting with the laptop...
    If you are doing routing, that means that the SRV-1 ping will reach Laptop-1 with a source IP of 192.168.2.240. This is outside of Laptop-1's subnet, so it will send the response to 192.168.1.1. So if the router 192.168.1.1 doesn't have a route for the 192.168.2.0 network, it will send the reply ping out of the network onto the web.

    Assuming that the laptop firewall is off or allowing ICMP pings.
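
The reply path described in the post above, modelled as a longest-prefix-match lookup (an added example, not part of the thread). The routing tables, the next-hop labels and the "ISP" hop are constructed for illustration; only the host names, 192.168.2.240 and the two /24 networks come from the thread.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace_reply(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop until it is delivered, leaves the
    modelled network, or runs out of hops (the 'TTL expired' case)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop == "on-link":              # destination is directly attached
            return path + [dst]
        if hop is None or hop not in tables:
            return path + [hop or "unroutable"]   # left the modelled network
        path.append(hop)
        node = hop
    return path + ["TTL expired"]

# Constructed tables. Next hops are node names rather than addresses,
# because the thread does not give the pfSense WAN IP.
LAPTOP = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "RT-1")]
PFSENSE = [("192.168.1.0/24", "on-link"), ("192.168.2.0/24", "on-link"),
           ("0.0.0.0/0", "RT-1")]
RT1_NO_ROUTE = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "ISP")]
RT1_WITH_ROUTE = RT1_NO_ROUTE + [("192.168.2.0/24", "pfSense")]

def reply_path(rt1_table, srv1="192.168.2.240"):
    """Path taken by Laptop-1's echo reply back to SRV-1."""
    tables = {"Laptop-1": LAPTOP, "RT-1": rt1_table, "pfSense": PFSENSE}
    return trace_reply(tables, "Laptop-1", srv1)

if __name__ == "__main__":
    print("RT-1 without route:", " -> ".join(reply_path(RT1_NO_ROUTE)))
    print("RT-1 with route:   ", " -> ".join(reply_path(RT1_WITH_ROUTE)))
```
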



  • @gaudouy said in LAN - WAN : Errors:

    In the section Diagnostics / Routes, why do I see link#?

    That default route points to the interface rather than the upstream router, but that value doesn't tie in with the screenshot below it. That's weird.



  • @Conalduggan

    On RT-1, the config is:
    routes-sfr-rt-1.jpg

    RT-1 has a route for 192.168.2.0/24.





  • @gaudouy said in LAN - WAN : Errors:

    RT-1 has a route for 192.168.2.0/24.

    I'd run a tcpdump on the WAN interface as you are pinging from SRV-1 to Laptop-1 and check the packets' source and destination addresses. Also check for replies coming from the laptop.



  • Thanks, I will read the documentation ☺



  • Are you checking 8.8.8.8 as the DNS?

    Can you post a screenshot of "System > General Setup", please?



  • @conor Thanks, I will check it



  • Also, for gateways, normally you would only have the WAN interface with an entry. I'd remove the LAN gateway; make sure there is no gateway set on the LAN interface.



  • @conor
    In System > General Setup, I have:

    dns.jpg



  • @gaudouy

    OK, remove the LAN side gateway, then reboot and send on a screenshot of Diagnostics / Routes, please.



  • @conor
    I have removed the LAN gateway and... Tadaaam!

    PING SRV-1 to RT-1

    ping 192.168.1.1
    
    Pinging 192.168.1.1 with 32 bytes of data:
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
    Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
    
    Ping statistics for 192.168.1.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    

    and SRV-1 to DNS:

    ping 8.8.8.8
    
    Pinging 8.8.8.8 with 32 bytes of data:
    Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
    Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
    Reply from 8.8.8.8: bytes=32 time=14ms TTL=54
    Reply from 8.8.8.8: bytes=32 time=13ms TTL=54
    
    Ping statistics for 8.8.8.8:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 13ms, Maximum = 14ms, Average = 13ms
    

    Thank you very much for your help 👍

