Unable to ping to/from netgate XG-7100 WAN interface



  • Setting up a new netgate XG-7100, but I'm unable to ping to/from the WAN interface.

    Setup:

    • ASUS AC1300 wi-fi router using CIDR block 10.0.0.1/24
      • PC A (IP: 10.0.0.107)
      • netgate XG-7100 (WAN IP: 10.0.0.20, LAN IP: 172.16.0.1)
        • PC B (IP: 172.16.0.12)

    Pings from PC A to the XG-7100 WAN interface time out, as do pings from the XG-7100 WAN interface to PC A.
    Also, PC B is unable to access the internet, but PC A is able to.

    I configured the XG-7100 to allow RFC1918 traffic and also added a ICMP rule, but this did not resolve the issue:
    Screen Shot 2019-10-15 at 5.29.59 PM.png
    Screen Shot 2019-10-15 at 5.27.40 PM.png

    What did I do wrong? How can I fix this?

    (Note: This is my first pfSense device so please be kind :))


  • LAYER 8 Rebel Alliance

    Internet access from the pfSense LAN side (your PC B) should work just out of the box.
    Post your Interface settings (WAN + LAN) and Firewall Rules (WAN + LAN) here as Screenshots.
    Why the F do you run a /8 network? You have plans to run over 16 million hosts flat there?!

    -Rico



  • Oops, just a typo as I was running out. The ASUS router is using 10.0.0.0/24, not 10.0.0.0/8 :) (Corrected above now.) Sorry for the confusion!

    Requested screenshots below.

    Interface Settings

    • WAN:
      WAN_Interface_Settings_1.png
      WAN_Interface_Settings_2.png
    • LAN:
      LAN_Interface_Settings_1.png
      LAN_Interface_Settings_2.png

    Firewall Rules

    • WAN:
      Firewall_Rules_WAN.png
    • LAN:
      Firewall_Rules_LAN.png

    Other Notes

    • XG-7100 ETH1 port is connected to the ASUS router LAN port.
    • XG-7100 ETH2 port is connected to PC B.

  • LAYER 8 Rebel Alliance

    Your WAN subnet mask is wrong.
    Change /32 to /24
    As upstream gateway put in your ASUS AC1300 IP.

    -Rico



  • @Rico Corrected the XG-7100 WAN subnet mask and added the upstream gateway. Now the XG-7100 WAN interface is able to ping PC A and the ASUS router, and PC A can ping the XG-7100 WAN interface, but PC B still cannot access the internet.

    Details:

    • Changed XG-7100 WAN subnet mask from /32 to /24:
      WAN_Interface_Corrected.png

    • Added ASUS AC1300 router as a XG-7100 gateway:
      XG-7100_Gateways.png

    • XG-7100 WAN interface can ping PC-A now:

    PING 10.0.0.107 (10.0.0.107) from 10.0.0.20: 56 data bytes
    64 bytes from 10.0.0.107: icmp_seq=0 ttl=64 time=0.783 ms
    64 bytes from 10.0.0.107: icmp_seq=1 ttl=64 time=0.458 ms
    64 bytes from 10.0.0.107: icmp_seq=2 ttl=64 time=0.414 ms
    
    --- 10.0.0.107 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.414/0.552/0.783/0.165 ms
    
    • XG-7100 WAN interface can ping the router now:
      XG-7100_WAN_Ping_PC-A.png


  • Disconnecting the reconnecting PC-B resulted in it being able to access the internet, so all is well now. Thank you for the help, @Rico!

    Also, I just found the guide Troubleshooting Network Connectivity, double-checked the settings, and confirmed the tests work.


  • LAYER 8 Rebel Alliance

    Glad you have it working now.

    -Rico


Log in to reply