Need to use OPT 1 as another LAN interface
-
Hi There, I am having issue.
OPT 1 can not communicate or not getting any logs from that interface.Setuo :
LAN - 172.17.8.1 works fine
OPT1 - 172.17.9.1 does not workOutbound NAT setup to Automatic
Allowed firewall rules.
still no luck.
Please help me.Thanks,
K -
Well can your devices on this 172.17.9 network ping pfsense IP 172.17.9.1? Did you enable dhcp on it? What rules did you create on it? etc..
-
Until we get more info about your network, all we can do is take potshots at the usual suspects...
i.e... there are too many unknown variables to offer any targeted troubleshooting. What does your network look like? Post a simple network map. Is PFsense physical or virtual? Post the rules on your OPT1 interface. Are you using the resolver with ACL's? If so, have you allowed 172.17.9.0/24 in the resolver? -
@johnpoz @marvosa
please see details below :
its a virtual environment- basically i am trying to hide some computes behind pfsense
- Lan works fine no issue
- OPT1 devices can not get connect to any where
- Can not ping pfsense gateway
- There is no DHCP range - its all static IPs
- Can not see any logs from OPT1 interface
- i have setup any any rule just to test- still no luck.
Please findconfig-MARSpentestPfsense.chip.ca-20201119122649.xml attached config back up file.
-
Dude if the device can not ping pfsense IP, and you set it static - then you set it wrong or there is not connectivity between them.
When you try and ping pfsense IP, look in the client do you see a mac for pfsense interface in the clients arp table?
I am not going dig through a config file for this info - can you not post a simple screenshot?
-
The OPT1 interface : put a pass rule on it on the first position. Exactly like the one you found on LAN when you installed pfSense.
You could event test with a default client device (one with a DHCP client activated) and you'll see it works right away : drill down from there. -
@Gertjan did not work,
Not getting DHCP IP.
Setup any any allow rule but still no luck.
Any other thoughts ? -
@keeshpat said in Need to use OPT 1 as another LAN interface:
Any other thoughts ?
As already stated you can not talk to another device on your network if you can not see its mac address.. Look in the clients arp table - do you see the mac address for pfsense IP?
If not then you have a connectivity issue, or you have your network address space setup wrong..
example..
$ arp -a Interface: 192.168.9.100 --- 0xf Internet Address Physical Address Type 192.168.9.8 00-1f-29-54-17-14 dynamic 192.168.9.9 00-1f-29-54-17-15 dynamic 192.168.9.10 00-11-32-7b-29-7d dynamic 192.168.9.11 00-11-32-7b-29-7e dynamic 192.168.9.75 18-db-f2-3e-44-ce dynamic 192.168.9.99 70-6e-6d-f3-11-93 dynamic 192.168.9.253 00-08-a2-0c-e6-24 dynamic 192.168.9.255 ff-ff-ff-ff-ff-ff static 224.0.0.22 01-00-5e-00-00-16 static 224.0.0.251 01-00-5e-00-00-fb static 239.255.255.250 01-00-5e-7f-ff-fa staticSee 192.168.9.253 that is mac address of pfsense interface on this network..
You can see all your interfaces and their mac status, interfaces.. See how that matches up 00-08-a2-0c-e6-24
-
@johnpoz
There is no connectivity,
Confirming the IP is in right subnet.
But I dont see pfsense MAc address when i ping.
Any other thoughts.
Create new NIC interface on VMware just to measure the NIC is not broken -
If you can not see mac - then fix vmware.. How do you have this setup - are they both VMs do you have it going to physical?
Nobody can help you figure out what you did wrong without info..
How is opt1 connected different than lan?
-
@johnpoz Confirming LAn and OPt1 has been configures same on vmware as well as on pfsense.
Both pfsense and virtual machine are connected to virtual switch.
Let me recreate the virtual switch.-- may be that help ?basically its all virtual connection
-
So on this virtual switch did you create a different port group? This is different network you wouldn't put it in the same port group.. How is that connected to physical.. Are you trying to ping from another VM on the same vswitch and port group..
If this connected to physical. Did you create a different vlan tag on this port group, on your physical network, etc. etc.. etc..
-
@keeshpat said in Need to use OPT 1 as another LAN interface:
@Gertjan did not work,
Not getting DHCP IP.DHCP server on OPT1 is set up ok ?
(same settings as the default LAN DHCP server, exception : the network)This is also shown very often :
this special case - no joke - doesn't even allow you to set up a DHCP server on the OPT1 interface (spoiler : because the max pool size would be zero ...; )
if all is well, you should have this :
and this :
The firewall rule for OPT1 (mine is called PORTAL ) :
With all these settings, which are pure clones of the default LAN interface settings, all will be ok.
If it doesn't work, change hardware, cable, switches.
Or redo whatever you use as a VM. -
@johnpoz
Physical switch :has different vlan 8 and vlan 9
Virtual switch has 2 port group : one of them is Web (vlan 8 - connected to Lan interface on pfsense ) , 2nd is DB (vlan 9 - connected to OPT1 on pfsense)
I have vm connected to LAN interface works fine. no issues there.
Vm connected to OPt1 can not even reach to pfsense.Just delete the port group and recreate it -- still same issue .
-
It's getting bigger all the time :
.....
.....
VM !
......
VLAN's !
......Take your time, a pencil and paper, and make some pictures / screen copies / whatever. Include everything. And most important : all the things we don't know ;)
-
@Gertjan
Thank you, confirming it is set exactly the same.
Still no luck.
Thank you -
@keeshpat said in Need to use OPT 1 as another LAN interface:
e ) , 2nd is DB (vlan 9 - connected to OPT1 on pfsense)
So you set vlan ID in pfsense? Or its native on pfsense? esxi will pull tags off unless you set vlan ID 4095 on the port group..
-
Look at Status > Interfaces for OPT1. Do you see any incoming packets at all?
This looks like some virtual network config issue, I agree.
Steve
-
@johnpoz I tag vlan ID on virtual port group on vmware.
No tags on pfsense. -
@stephenw10 no traffic on opt1 interface
