Internet Connection causes pings to fail
-
Hi guys, this is my first time posting on this awesome forum, but it is unfortunately a question that has been bugging me for days.
I have an Ubuntu 20.04.1 machine which consists of 2 adapters.
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.96 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::c87c:ea4b:8946:7b9a prefixlen 64 scopeid 0x20<link>
        ether 08:00:27:bd:8b:9f txqueuelen 1000 (Ethernet)
        RX packets 989 bytes 924978 (924.9 KB)
        RX errors 0 dropped 37 overruns 0 frame 0
        TX packets 373 bytes 49368 (49.3 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.0.0.69 netmask 255.255.255.0 broadcast 10.0.0.255
        inet6 fe80::90e5:3014:8b6a:a8ee prefixlen 64 scopeid 0x20<link>
        ether 08:00:27:d9:20:98 txqueuelen 1000 (Ethernet)
        RX packets 38 bytes 3604 (3.6 KB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 103 bytes 9660 (9.6 KB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I also have a Kali 2021.1-amd64 machine which is using the Internal Network adapter (external).
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 1.1.1.2 netmask 255.255.255.252 broadcast 1.1.1.3
        inet6 fe80::a00:27ff:fea6:1f86 prefixlen 64 scopeid 0x20<link>
        ether 08:00:27:a6:1f:86 txqueuelen 1000 (Ethernet)
        RX packets 3 bytes 256 (256.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 19 bytes 1542 (1.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 8 bytes 400 (400.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 8 bytes 400 (400.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Between these two machines, I am using PFSENSE-HP 2.6.0 as my router.
The issue is that when I use the Bridged adapter on my Ubuntu machine, my Kali can't ping the IPv4 address of the Internal Network (DMZ) adapter anymore. However, I can access the website on 10.0.0.69 via my browser on Kali. In addition, I am able to ping the Ubuntu machine from a shell on my PFSENSE-HP router. To ensure that this isn't a firewall issue, I allowed all ICMP requests to flow from the External zone to the DMZ zone and vice versa on the router. I also used iptables to make sure ICMP echo requests are not getting blocked on both the Ubuntu and Kali machines. What makes this even weirder is that I can ping my Kali from my Ubuntu machine but not the other way round. The moment I remove the bridged adapter, the pings are able to work again. However, I really need the bridged adapter for gaining an internet connection on my Ubuntu machine. I just want to be able to get Internet connection but also be able to ping the network at the same time.
Any help would be appreciated! I'm literally going to get white hairs from this.
PS. The following are my adapter settings on my Ubuntu machine. (Please let me know if I'm not giving enough details in this post) Thanks in advance!
(My PFSENSE router is also a VM)
I can access the website from my Kali in the External zone via 10.0.0.69. However, I cannot ping it somehow, which to me, doesn't make sense. The moment I just remove the bridged adapter, everything starts working again. In addition, I have also tried NAT, but it doesn't give internet connection somehow, which is the reason why I resorted to using the bridged adapter.
If it is of any help, the following are the .vbox files I am using.
vbox.zip
Edit: Just disconnecting the bridged adapter (in my case enp0s3) fixes the issue, I don't have to reboot the machine or anything and the ping will go through.
I have also done a traceroute and the ICMP echo request stops at 1.1.1.1/30, which is the gateway for the external domain in my network. This makes me think whether it is my PFSENSE router blocking something, but then again, I have enabled all ICMP requests to and fro WAN (external) to LAN (DMZ).
-
@cbch said in Internet Connection causes pings to fail:
inet 1.1.1.2
Really?
You just auto-attributed yourself that address?
Do you know who 1.1.1.1 is? You're in for some serious trouble.
-
@gertjan Oh, sorry for the misunderstanding, 1.1.1.1/30 is my gateway for the external network. 1.1.1.2/30 is what I'm using to simulate a user from the Internet.
Everything is just on my sandbox, I'm not touching anyone.
-
This is the real 1.1.1.1 : https://www.cloudflare.com/fr-fr/learning/dns/what-is-1.1.1.1/
Using their IPv4 is just not done, and creates problems.
-
1.1.1.2/30 is what I'm using to simulate a user from the Internet.
Huh? That doesn't make a lot of sense to me. Where exactly does that connect to?
Your rule wan net to lan net? When would that work? Your wan net is a /30 so you're allowing 1.1.1.1 only to talk to anything on the lan.. What would be generating this traffic into your lan? And what's the point of that rule anyway when you have allow any any rules above them?
If you want to "simulate" external - say internet. What does that have to do with using a public /30 on our pfsense wan?
-
@gertjan Oh my, I did not know that, I'm going to change it later, thanks for the heads up.
-
@gertjan It is just my own sandbox network environment. And yes, WAN to LAN does work when I remove the bridged adapter. I am allowed to talk to the LAN, which in my case is simulating the DMZ where I host my webserver. I added in the rule, later on, to make sure that it allows ICMP to pass through, it was just to serve as a double-check.
And once again, it is my own sandbox environment, so my 'External' isn't really the Internet at all. It's just simulating it. I hope this clears your doubts.
-
@cbch said in Internet Connection causes pings to fail:
so my 'External' isn't really the Internet at all. It's just simulating it.
That does not require a public IP.. You can "simulate" external or internet with any rfc1918 range just the same.
-
@johnpoz Yea.. I did not know it is a public IP, my bad about that
-
@cbch So what you guys are saying is that using a private IP will fix the issue? Do correct me if I am wrong, my network here seems like a disaster to me.
-
@gertjan & @johnpoz I just had a discussion with my teacher. He mentioned that I should add another static route (NAT) from the PFSense router to the Internet, so based on this, I added an OPT5 interface to my router and tested it using an IP of 192.168.0.112/24. Is this the correct idea? Because it still doesn't work for me. Or is it because I have to add another WAN interface to the router?
PS: The first WAN interface is to connect it to a network to simulate the Internet and cannot be changed (it's just set in stone for this project of mine, don't mind it)
-
@cbch Ok, I fixed the issue, just adding another NAT adapter to my PFSense router did the job. Thanks a lot for all your help.
-
@cbch said in Internet Connection causes pings to fail:
just adding another NAT adapter to my PFSense router did the job
Why would you do that?
You really should not have to nat in your vmhost..
For setting up a lab in vm tied to physical network(s) you would use bridge interface in vm network. This ties the vm to the physical world the host is connected to on that interface. If your vms do not need to be tied to physical world via an interface, and say route through pfsense vm to get to the real world, then the vm network in that case would normally be host only networks.