Netgate Discussion Forum

    Internet Connection causes pings to fail

    • CBCH

      Hi guys, this is my first time posting on this awesome forum, but it is unfortunately a question that has been bugging me for days.

      I have an Ubuntu 20.04.1 machine which consists of 2 adapters.

      enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 192.168.1.96  netmask 255.255.255.0  broadcast 192.168.1.255
              inet6 fe80::c87c:ea4b:8946:7b9a  prefixlen 64  scopeid 0x20<link>
              ether 08:00:27:bd:8b:9f  txqueuelen 1000  (Ethernet)
              RX packets 989  bytes 924978 (924.9 KB)
              RX errors 0  dropped 37  overruns 0  frame 0
              TX packets 373  bytes 49368 (49.3 KB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      
      enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 10.0.0.69  netmask 255.255.255.0  broadcast 10.0.0.255
              inet6 fe80::90e5:3014:8b6a:a8ee  prefixlen 64  scopeid 0x20<link>
              ether 08:00:27:d9:20:98  txqueuelen 1000  (Ethernet)
              RX packets 38  bytes 3604 (3.6 KB)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 103  bytes 9660 (9.6 KB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      

      I also have a Kali 2021.1-amd64 machine which is using the Internal Network adapter (external).

      eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
              inet 1.1.1.2  netmask 255.255.255.252  broadcast 1.1.1.3
              inet6 fe80::a00:27ff:fea6:1f86  prefixlen 64  scopeid 0x20<link>
              ether 08:00:27:a6:1f:86  txqueuelen 1000  (Ethernet)
              RX packets 3  bytes 256 (256.0 B)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 19  bytes 1542 (1.5 KiB)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      
      lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
              inet 127.0.0.1  netmask 255.0.0.0
              inet6 ::1  prefixlen 128  scopeid 0x10<host>
              loop  txqueuelen 1000  (Local Loopback)
              RX packets 8  bytes 400 (400.0 B)
              RX errors 0  dropped 0  overruns 0  frame 0
              TX packets 8  bytes 400 (400.0 B)
              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
      

      Between these two machines, I am using PFSENSE-HP 2.6.0 as my router.

      The issue is that when I use the Bridged adapter on my Ubuntu machine, my Kali can't ping the IPv4 address of the Internal Network (DMZ) adapter anymore. However, I can access the website on 10.0.0.69 via my browser on Kali. In addition, I am able to ping the Ubuntu machine from a shell on my PFSENSE-HP router. To ensure that this isn't a firewall issue, I allowed all ICMP requests to flow from the External zone to the DMZ zone and vice versa on the router. I also used iptables to make sure ICMP echo requests are not getting blocked on both the Ubuntu and Kali machines. What makes this even weirder is that I can ping my Kali from my Ubuntu machine but not the other way round. The moment I remove the bridged adapter, the pings are able to work again. However, I really need the bridged adapter for gaining an internet connection on my Ubuntu machine. I just want to be able to get Internet connection but also be able to ping the network at the same time.

      730eb31f-28ef-4283-9c90-16e59d5b5979-image.png
      3466cd55-0781-4198-b4e5-18f6bf3eac30-image.png

      Any help would be appreciated! I'm literally going to get white hairs from this.

      PS. The following are my adapter settings on my Ubuntu machine. (Please let me know if I'm not giving enough details in this post) Thanks in advance!
      25832c83-beef-4332-b70d-c04a8ae5b245-image.png
      87e97d23-cb0b-477a-a23a-1a5671a5d39d-image.png

      (My PFSENSE router is also a VM)

      I can access the website from my kali in the External zone via 10.0.0.69. However, I cannot ping it somehow, which to me, doesn't make sense. The moment I just remove the bridged adapter, everything starts working again. In addition, I have also tried NAT, but it doesn't give internet connection somehow, which is the reason why I resorted to using the bridged adapter.

      d4c1e94f-7798-4fbe-8dc2-18e08fd44ff8-image.png

      If it is of any help, the following are the .vbox files I am using.
      vbox.zip

      ===============================================

      Edit: Just disconnecting the bridged adapter (in my case enp0s3) fixes the issue, I don't have to reboot the machine or anything and the ping will go through.

      I have also done a traceroute and the ICMP echo request stops at 1.1.1.1/30, which is the gateway for the external domain in my network. This makes me think whether it is my PFSENSE router blocking something, but then again, I have enabled all ICMP requests to and fro WAN (external) to LAN (DMZ).

      • Gertjan @CBCH

        @cbch said in Internet Connection causes pings to fail:

        inet 1.1.1.2

        Really ?
        You just auto-attributed yourself that address ?
        Do you know who 1.1.1.1 is ?

        5140875c-98bd-4a45-9fd0-cde6fef9d728-image.png

        You're in for some serious trouble.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • CBCH @Gertjan

          @gertjan Oh, sorry for the misunderstanding, 1.1.1.1/30 is my gateway for the external network. 1.1.1.2/30 is what I'm using to simulate a user from the Internet.

          f0263305-d6b0-4790-a914-82422beefc1b-image.png

          Everything is just on my sandbox, I'm not touching anyone

          • Gertjan @CBCH

            @cbch

            This is the real 1.1.1.1 : https://www.cloudflare.com/fr-fr/learning/dns/what-is-1.1.1.1/

            Using their IPv4 is just not done, and creates problems.


            • johnpoz LAYER 8 Global Moderator @Gertjan

              1.1.1.2/30 is what I'm using to simulate a user from the Internet.

              Huh? That doesn't make a lot of sense to me. Where exactly does that connect to?

              Your rule wan net to lan net? When would that work? Your wan net is a /30, so you're allowing 1.1.1.1 only to talk to anything on the lan.. What would be generating this traffic into your lan? And what's the point of that rule anyway when you have allow any any rules above them?

              If you want to "simulate" external - say internet. What does that have to do with using a public /30 on our pfsense wan?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              • CBCH @Gertjan

                @gertjan Oh my, I did not know that, I'm going to change it later, thanks for the heads up.

                • CBCH @Gertjan

                  @gertjan It is just my own sandbox network environment. And yes, WAN to LAN does work when I remove the bridged adapter. I am allowed to talk to the LAN, which in my case is simulating the DMZ where I host my webserver. I added in the rule, later on, to make sure that it allows ICMP to pass through, it was just to serve as a double-check.

                  And once again, it is my own sandbox environment, so my 'External' isn't really the Internet at all. It's just to simulate it. I hope this clears your doubts

                  • johnpoz LAYER 8 Global Moderator @CBCH

                    @cbch said in Internet Connection causes pings to fail:

                    so my 'External' isn't really the Internet at all. It's just to simulate it.

                    That does not require a public IP.. You can "simulate" external or internet with any rfc1918 range just the same.


                    C 1 Reply Last reply Reply Quote 0
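An added example, not written by any poster in this thread: it applies the RFC 1918 point from the reply above to the IPv4 lines of the `ifconfig` output in the first post and flags any lab subnet that falls outside the private ranges. The function names and the trimmed sample text are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges (the ranges suggested in the thread for a lab "internet").
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sample input: IPv4 lines trimmed from the ifconfig output in the first post.
SAMPLE_IFCONFIG = """\
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.96  netmask 255.255.255.0  broadcast 192.168.1.255
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.69  netmask 255.255.255.0  broadcast 10.0.0.255
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 1.1.1.2  netmask 255.255.255.252  broadcast 1.1.1.3
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

IFACE_RE = re.compile(r"^(\S+?):\s+flags=")
INET_RE = re.compile(r"^\s+inet\s+(\S+)\s+netmask\s+(\S+)")


def parse_ifconfig(text):
    """Yield (interface name, IPv4Interface) for every 'inet' line."""
    name = None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            name = header.group(1)
            continue
        inet = INET_RE.match(line)
        if inet and name:
            yield name, ipaddress.ip_interface(f"{inet.group(1)}/{inet.group(2)}")


def classify(iface):
    """Return 'loopback', 'rfc1918', or 'not-rfc1918' for an IPv4Interface."""
    if iface.ip.is_loopback:
        return "loopback"
    if any(iface.ip in net for net in RFC1918):
        return "rfc1918"
    return "not-rfc1918"


def audit(text):
    """List (interface, network, class) so non-private lab subnets stand out."""
    return [(n, str(i.network), classify(i)) for n, i in parse_ifconfig(text)]


if __name__ == "__main__":
    for name, network, kind in audit(SAMPLE_IFCONFIG):
        print(f"{name:8} {network:18} {kind}")
```
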
                    • CBCH @johnpoz

                      @johnpoz Yea.. I did not know it is a public IP, my bad about that

                      • CBCH @CBCH

                        @cbch So what you guys are saying is that using private IP will fix the issue? Do correct me if I am wrong, my network here seems like a disaster to me.

                        • CBCH @CBCH

                          @gertjan & @johnpoz I just had a discussion with my teacher. He mentioned that I should add another static route (NAT) from the PFSense router to the Internet, so based on this, I added an OPT5 interface to my router and tested it using an IP of 192.168.0.112/24. Is this the correct idea? Because it still doesn't work for me. Or is it because I have to add another WAN interface to the router?

                          PS: The first WAN interface is to connect it to a network to simulate the Internet and cannot be changed (it's just set in stone for this project of mine, don't mind it)

                          • CBCH @CBCH

                            @cbch Ok, I fixed the issue, just adding another NAT adapter to my PFSense router did the job. Thanks a lot for all your help.

                            • johnpoz LAYER 8 Global Moderator @CBCH

                              @cbch said in Internet Connection causes pings to fail:

                              just adding another NAT adapter to my PFSense router did the job

                              Why would you do that?

                              You really should not have to nat in your vmhost..

                              For setting up a lab in vm tied to physical network(s) you would use bridge interface in vm network. This ties the vm to the physical world the host is connected to on that interface. If your vms do not need to be tied to physical world via an interface, and say route through pfsense vm to get to the real world, then the vm network in that case would normally be host only networks.
