Having LAN issues related to a new switch
-
Hi again,
Today I believe I have lost my mind. Something so simple my pet poodle could probably figure it out is beyond me today.I have a little 6 port switch. DGS-1005G
I have 2 PCs connected to the switch via Cat5 cables
I have the LAN interface of the Pfsense box connected to the switch via a Cat5 cableAll IPs are static (manually set) to the same network/mask.
Lets say the IP address of the LAN Interface is 192.168.0.2
Let's say IP address of PC 1 is 192.168.0.3
Let's say IP address of PC 2 is 192.168.0.4
Let's say the subnet is 255.255.255.0Not only can I not communicate between these PC's
I cannot even get pfsense to show any ATTEMPTS to connect from either PC to the other in the logs.I CAN however connect to the Internet from either PC
So, lemme have it...cause I know I've totally fallen off the ship but I'm blank.
I should not drive today.....I might not remember that those red lights mean "Stop".
Did I totally forget how a Switch works?
Did I forget the Golden Rule of Networking? -
Im betting your PC firewalls are blocking things. Are your interfaces labeled public or private on their firewalls?
-
will check both. thx
-
Inter-LAN traffic does not hit the firewall at all, so this is not a pfSense issue. As chpalmer said, it could be client firewalls.
-
But LAN-Interface to any LAN Device & vice--versa does. At least in MY setup it does.
So I should still see it between LAN Interface and device even if not LAN Device to LAN Device. -
I don't understand what you mean. All clients on the same network talk directly to each other. They only need to talk to pfSense if the traffic needs to be routed to a different network. Since your two clients are on the same LAN, they talk directly to each other via the switch. Their traffic is never even seen by pfSense LAN interface at all.
-
Taken directly from the logs a few seconds ago.....
May 14 19:03:01 LAN LAN allow (1557864558) 192.168.0.103:53837 192.168.0.2:3406 TCP:S
As I said, traffic from LAN-Interface to any LAN-Device and vice-versa IS logged.
So, I should at least see the PC going to the Interface.....but for these connections I do not.
That's what's got me puzzled.So let's say I try to connect to 192.168.0.2 from 192.168.0.3.
I should see a log entry going at least to 192.168.0.2 -
That means that the client was trying to open a connection (SYN) to pfSense LAN, for whatever reason. That doesn't show it using pfSense to talk to the other client.
Look, this is basic networking. You asked for help. Why are you now arguing?
What are these clients? Windows? Linux? Mac?...
-
@HansSolo said in Having LAN issues related to a new switch:
So let's say I try to connect to 192.168.0.2 from 192.168.0.3.
I should see a log entry going at least to 192.168.0.2No, you should not. Or at least not unless you've got a port-forward in place that NATs some external IP back into your LAN to the other client.
-
arguing?
My my. Am I coming across that way? Sry. Your help is appreciated.I guess what's going on here is that the WG Fireboxes I came from ALWAYS logged this traffic.
I'm used to seeing it.
I guess it's just something else I have to adjust to.
Annnnnd maybe I just realized why it might have......hmmmmBuit you're right....how can it log traffic that isn't going through it?
-
All I am saying is believe me when I tell you that inter-LAN comms go direct without hitting pfSense. Trust me. NOw about those clients?
-
Windows
-
Windows firewall will automatically block traffic from a different subnet, but it should allow local traffic. As a test, disable the firewall on both clients and try your ping test again.
Perhaps your Wireguard was running its LAN interface in promiscuous mode and sucking up every packet it saw hitting its buffer.
-
@HansSolo said in Having LAN issues related to a new switch:
So let's say I try to connect to 192.168.0.2 from 192.168.0.3.
I should see a log entry going at least to 192.168.0.2Incorrect. Traffic will not hit the firewall unless the destination is outside of 192.168.0.0/24. If both PC's are in the same subnet, you can disconnect PFsense altogether and the two devices will still communicate because the switch is flooding the frame to all ports in the same broadcast domain and will forward the frame to the correct port one it learns the MAC address from the destination PC.
If you're having communication issues between two devices in the same subnet, you either have a windows firewall issue or a configuration issue within the software/protocol that you're trying to communicate with.
When you say you cannot communicate between PC's... what exactly are you trying to do?
-
Never. I ALWAYS disabled Promiscuous mode.
But now I'm gonna go back and connect these two to that Firebox just to see.
I'm not sure HOW it logged that traffic. But it did. -
Either the traffic was between different subnets, or the NIC was in promiscuous mode, or some other device was in promiscuous mode and relaying what it saw to the WG box. It has to be something special because tcp/ip works the same way everywhere. Local IPv4 clients find each other via ARP and talk direct.
-
-
Can you ping from one to the other? Have you disabled both firewalls and tried to ping?
I have to leave for a little bit. BBL.
-
@HansSolo said in Having LAN issues related to a new switch:
Just trying to get two PC's on a local network share.
As stated already this has ZERO to do with pfsense - ZERO... Other than it being your dhcp server I assume, when it come to device A talking to B that are both on the same network... The router/gateway (pfsense) has ZERO to do with that conversation - zero!!
-
IF = Then.
If destination address lies within your subnet Then client one goes direct to client two.
If destination address lies outside your subnet Then the client traffic is directed at the gateway address. If and only then.
