How to get 2 separate networks to talk to each other?

johnpoz · Feb 25, 2020, 3:38 PM

Well there are no pings in there..

So up the level of output so you can see the mac.. I think your mac is wrong to be honest. Since you set a static.

And when you did the sniff you did it at the same time as you were pinging?

Not seeing any response for dns in there either..

ilovechickennuggets · Feb 25, 2020, 4:02 PM

These are the current static mapping settings of the entry. The first shows pfsense. The second shows the MAC of the nas. So to make sure I was getting the right IP and MAC, I restarted my NAS. Somehow it gave me a new IP from dhcp. I did something wrong.

P.S. kiokoman, thank you for your help too!

johnpoz · Feb 25, 2020, 4:04 PM

And can you ping this IP?

ilovechickennuggets · Feb 25, 2020, 4:04 PM

@johnpoz
Yes the sniff happened at the same time as the ping.

After I restarted my NAS just now, it gave me new IP of 192.168.70.10 - which is the start of my DHCP range.

johnpoz · Feb 25, 2020, 4:05 PM

and can you ping that?

Can your nas ping pfsense 70.1 address?

ilovechickennuggets · Feb 25, 2020, 4:10 PM

@johnpoz
🔒 Log in to view
🔒 Log in to view

Packet capture is not picking up anything during the ping

johnpoz · Feb 25, 2020, 4:24 PM

Well then no nothing is going to work... Can the server ping pfsense IP? Does internet work? You have it directly plugged into an interface on pfsense - there are no switches.

I am not sure that your doing the sniff correctly to be honest.. do a tcpdump on pfsense while you ping..

Open up 2 ssh windows to pfsense and do it this way... start a tcpdump for icmp on the interface this server network is on..

Then in the other windows ping... Then also ping from the server to 70.1 address while your sniff is running

example
🔒 Log in to view

This sever is physical right - its not some VM running on something?

Lets try this - install the package arping... Lets try that..

example
🔒 Log in to view

kiokoman · Feb 25, 2020, 4:23 PM

now i'm curious to see where the hell we are hitting the head

ilovechickennuggets · Feb 25, 2020, 4:23 PM

@johnpoz @kiokoman
The server is a physical machine directly connected to pfsense interface with no switches in between this connection. Unfortunately, I am out of time for now and will come back to this later to try this.

johnpoz · Feb 25, 2020, 4:26 PM

see my edit.. about using arping package as well.

Clearly you would use server as the interface and ip of your nas..

ilovechickennuggets · Feb 25, 2020, 10:03 PM

@johnpoz @kiokoman
Ok I did a complete shut down and reboot. The NAS is now getting the correct static IP. In Pfsense, under Status/ DHCP Leases -showing as online
🔒 Log in to view

I installed ARPing and ran it with following settings
🔒 Log in to view
🔒 Log in to view

As for SSH and tcpdump, I am going to need to educate myself on this because I'm treading onto something completely new to me. I'll be back try your advice after I go through some documentations and tutorials. I don't have SSH set up and it looks like I need to generate a key.

johnpoz · Feb 25, 2020, 10:21 PM

so arping works, but normal ping does not?

That just SCREAMS, SCREAMS!!! firewall on that box!!!

ilovechickennuggets · Feb 25, 2020, 10:22 PM

@johnpoz
🔒 Log in to view
Correct, this is the newest try at pinging.

johnpoz · Feb 25, 2020, 10:24 PM

Well your clearly arping for the IP.. Which comes back with mac correct, and you got your dhcpd address you reserved. So you seem to not being answering..

The odd thing is you didn't show any pings going out even when you tried to ping.. Which makes no sense - unless you didn't do the sniff right..

Again can the server ping pfsense IP? Sniff when your doing that test..

ilovechickennuggets · Feb 25, 2020, 10:38 PM

@johnpoz
Sorry! Ran the sniff and ping from NAS server to 192.168.70.1 resulted in 100% packet loss.
🔒 Log in to view
🔒 Log in to view

johnpoz · Feb 25, 2020, 10:43 PM

Ok so your seeing traffic to pfsense interface on 192.168.70.1 - but no answers!

That points to firewall on pfsense, but that shouldn't stop you from pinging from pfsense unless you have an outbound rule on your lan.. Do you have anything in floating?

example

🔒 Log in to view

ilovechickennuggets · Feb 25, 2020, 10:44 PM

@johnpoz
Current floating and LAN rules
🔒 Log in to view
🔒 Log in to view

johnpoz · Feb 25, 2020, 10:51 PM

Well what interfaces do you have all those rules on? Its quite possible your blocking something in all those rules...

Disable them all for "testing"

Your lan and server rules mean nothing for pinging from pfsense - the only thing that could cause what seeing would be a outbound rule on your server interface blocking pfsense from sending the ping even..

What are you rules on your server interface?

ilovechickennuggets · Feb 29, 2020, 6:48 PM

@johnpoz
So counting from top to bottom, the first 11 rules (pfB_Top_v4 to pfb_TOR_v4) - all 11 have the same setting with block to WAN interface only (only WAN is highlighted in interface box).
🔒 Log in to view

johnpoz · Feb 25, 2020, 11:01 PM

Ok well your server interface rules would not allow ping.. So that explains why pfsense would not answer ping.

Set a rule to allow ping to pfsense server address.
And possible dns is not listening on on 70.1

Set your ping rule, and try to ping from server again to 70.1