Issues reaching devices on my network (NAT Suspected)



  • Hello,

    I have a rather interesting, if not complex, issue going on with my network. This has been going on for about 90 days now and I finally decided it was time to ask here!

    I have an ESXi (6.5) host (Enterprise Plus license, single host) and a few VLANs. On my server VLAN, which is 172.16.100.0/24, I have a Cisco 2960 L2 switch, a Synology NAS, and a Cisco 1141 AP. None of these devices became reachable after a power failure. I suspected the switch, but the switch can ping itself and the internet. My AP connects clients, yet I can't reach its IP address (172.16.100.99) on the same subnet/VLAN. The same became true with my switch.

    I also have some virtual machines that became unreachable on the same VLAN/subnet. What confuses me the most is that when I used a serial cable to ping from the switch to another device on the same subnet (no routing involved), no go. No pings, no SSH, nothing.

    I'm at a loss. I figure maybe it's not routing correctly; I'm wondering if perhaps the pfSense isn't NATing the traffic correctly, but I lack enough knowledge to further troubleshoot this issue. My setup is using a single 10gb virtual interface such as interface 0.VLAN.

    If any logs or anything are needed, please let me know and how to obtain them. As a side note, I once tried to use OPNsense and things would ping again before.



  • Your post is a bit confusing and missing a mile of information.

    That said welcome to the forums. :)

    #1 Routing between LAN interfaces is not NATting. It's just routing.

    Talk about how many subnets you are running and which subnets cannot talk to which subnet(s).

    If your switch can reach the internet then I'm of the belief that at least one of your LANs is NATting just fine.

    You say "none of these devices become reachable" from what?



    Hello, and yes, I agree it's confusing and difficult to explain. Normally I would agree that routing is just routing, but when you are trying to, say, ping from 172.16.100.8 -> 172.16.100.10 for example, it fails to respond, and yet it can ping itself fine. I only have the 1 switch as well. This is just on the same subnet and only seems to be happening when pfSense is my router. I know it's not firewall rules because other virtual machines ping fine on that same subnet. The reason why I thought maybe NAT was because I know pfSense does have inbound and outbound NAT rules.

    TY for the welcome. As for how many subnets, I have about 3 VLANs that I am concerned about. When I am on another VLAN like 192.168.0.3 I still can't seem to reach the same devices.



  • @theRealPhoenix said in Issues reaching devices on my network (NAT Suspected):

    ping from 172.16.100.8 -> 172.16.100.10

    If this is on the same subnet, i.e. not a couple of /29s or something, then they are behind the same router interface.

    If they are on the same subnet then the traffic from one of those to the other never touches the router. That's handled as a switch function. Your router only sees traffic it needs to pass from one interface to another.

    If traffic is meant for an address outside of the subnet then the traffic is directed by the switch towards the "gateway" address for the gateway device (in this case your pfSense box) to pass through it for another interface.

    If traffic is meant for another address inside the subnet then the traffic is directed to the other device by the switch. The switch will not send the traffic to an interface it is not meant for. That includes your router.

    :)
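The forwarding decision described in the reply above, as an added example that is not part of the thread: a host compares the destination against its own subnet mask and either addresses the frame directly (switch only, router never involved) or sends it to the gateway. The addresses are the thread's own; the gateway address 172.16.100.1 and the /29 case are assumptions used to illustrate the "couple of /29" caveat.

```python
from ipaddress import ip_address, ip_interface


def next_hop(src_cidr, dst, gateway):
    """Forwarding decision a host makes for dst.

    src_cidr: the host's own address and mask, e.g. "172.16.100.8/24".
    Returns ("direct", dst) when dst lies inside the host's subnet: the
    frame is addressed to the destination's MAC, so only the switch (and
    VLAN membership) is involved.  Returns ("gateway", gateway) otherwise:
    the frame is sent to the router, which must route it.
    """
    src = ip_interface(src_cidr)
    dst = ip_address(dst)
    if dst.version != src.ip.version:
        raise ValueError("address family mismatch")
    if dst in src.network:
        return ("direct", dst)
    return ("gateway", ip_address(gateway))


def where_to_look(src_cidr, dst, gateway):
    """Translate the forwarding decision into the component to inspect."""
    hop, _ = next_hop(src_cidr, dst, gateway)
    if hop == "direct":
        return "switch: same subnet, the router never sees this traffic"
    return "router: crosses subnets, check pfSense routing and rules"


# Constructed cases using the thread's addresses; the .1 gateway is assumed.
GW = "172.16.100.1"
CASES = [
    ("172.16.100.8/24", "172.16.100.10"),  # same /24: switch only
    ("172.16.100.8/24", "192.168.0.3"),    # another VLAN: via pfSense
    ("172.16.100.8/29", "172.16.100.17"),  # same /24 range, different /29
]

if __name__ == "__main__":
    for src, dst in CASES:
        hop, via = next_hop(src, dst, GW)
        print(f"{src} -> {dst}: {hop} via {via} | {where_to_look(src, dst, GW)}")
```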

