I can reach pfSense LAN interface but not other devices connected.
-
Hi everyone,
I'm trying to set up a home test environment and I'm having some difficulties.
Here is the setup:
I have an Intel NUC with ESXi 7.0u3. On it I've installed a pfSense machine and a Mikrotik router.

Mikrotik has address 192.168.100.2/24 on interface ether1.
Default gateway is 192.168.100.1
Default route is via interface ether1.

pfSense has WAN address 192.168.1.248/24
LAN address is 192.168.100.1/24
default gateway is 192.168.1.1/24

My home router is a Fritzbox with IP 192.168.1.1/24 and I'm working on a machine with IP 192.168.1.2.
On the Fritzbox I've added a static route to 192.168.100.0/24 via 192.168.1.248

So the situation is:
From PC 192.168.1.2 I can ping pfSense WAN interface 192.168.1.248
From PC 192.168.1.2 I can ping pfSense LAN interface 192.168.100.1
From PC 192.168.1.2 I can't ping Mikrotik ether1 interface 192.168.100.2

From pfSense LAN interface I can resolve and ping www.google.com
From pfSense WAN interface I can resolve and ping www.google.com
From pfSense LAN interface I can ping Mikrotik 192.168.100.2
From pfSense WAN interface I can't ping Mikrotik 192.168.100.2 and I receive a routing loop: pfSense WAN uses Fritz as default gw, Fritz has a route for 192.168.100.0 pointing to pfSense WAN interface and.. loop!

From Mikrotik 192.168.100.2 I can ping pfSense LAN interface 192.168.100.1
From Mikrotik 192.168.100.2 I can't ping pfSense WAN interface 192.168.1.248

I have 2 simple firewall rules on WAN and LAN: permit any any
I have a Hybrid Outbound NAT configuration (I've also tried to disable it but with no success)

So I need your help... where am I going wrong?!
Many thanks!
-
@peer2peer
Try to ping the Mikrotik from the Fritzbox.
The route on the FB does not forward the packets from other devices in its LAN properly. It might work for ICMP like pings though, but that doesn't work for TCP traffic at all.
Also, possibly there is a firewall on the Mikrotik blocking access from outside of the subnet it resides in.
-
Hi @viragomann,
thanks for your reply.
Unfortunately I cannot ping from my Fritz, as since some fw versions ago it doesn't support telnet anymore... (yeah I know, I know...)
I'll try to investigate the Mikrotik firewall, but it should be clear as the machine has just been installed and I've configured only an IP address on the connected interface.
-
@peer2peer
I don't know the Mikrotik OS, however on common network-enabled OSes it is the default behavior that they allow pings from the subnet they are connected to, but not from outside.
You can sniff the traffic on the LAN of pfSense using the Packet Capture utility from the Diagnostic menu to see what's going on.
-
@viragomann I've resolved it.
I disabled the outbound NAT on the pfSense and I've added a static default route to my home router (Fritzbox).
Now I can successfully ping and reach the devices on the "internal" LAN of pfSense.
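
The addressing described in the first post can be modelled as four routing tables to trace the request and reply paths between the PC and the Mikrotik. This is an added example, not code from any post in the thread: the node names and the PC's default gateway (assumed to be the Fritzbox) are assumptions, NAT and firewall rules are ignored, and it models the setup as first described, before the fix.

```python
import ipaddress

# Routing tables modelled from the addresses in the thread.
# Entry: (destination prefix, next-hop IP, or None when directly connected).
# Assumption: the PC uses the Fritzbox (192.168.1.1) as its default gateway.
ROUTES = {
    "pc":       [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
    "fritzbox": [("192.168.1.0/24", None), ("192.168.100.0/24", "192.168.1.248")],
    "pfsense":  [("192.168.1.0/24", None), ("192.168.100.0/24", None),
                 ("0.0.0.0/0", "192.168.1.1")],
    "mikrotik": [("192.168.100.0/24", None), ("0.0.0.0/0", "192.168.100.1")],
}
# Which node owns which interface address (node names are illustrative).
OWNER = {
    "192.168.1.2": "pc", "192.168.1.1": "fritzbox",
    "192.168.1.248": "pfsense", "192.168.100.1": "pfsense",
    "192.168.100.2": "mikrotik",
}

def next_hop(node, dst):
    """Longest-prefix match; returns the IP the packet is handed to next."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in ROUTES[node]
               if dst_ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def trace(src, dst, max_hops=8):
    """Return the list of nodes a packet from src to dst passes through."""
    node, path = OWNER[src], [OWNER[src]]
    while node != OWNER[dst] and len(path) <= max_hops:
        hop = next_hop(node, dst)
        if hop is None or hop not in OWNER:
            path.append("unreachable")
            break
        node = OWNER[hop]
        path.append(node)
    return path

def asymmetric(a, b):
    """True when the reply path is not the reverse of the request path."""
    return trace(a, b) != list(reversed(trace(b, a)))

if __name__ == "__main__":
    print("request:", " -> ".join(trace("192.168.1.2", "192.168.100.2")))
    print("reply:  ", " -> ".join(trace("192.168.100.2", "192.168.1.2")))
    print("asymmetric:", asymmetric("192.168.1.2", "192.168.100.2"))
```

In this model the request crosses the Fritzbox, while the reply goes from pfSense straight to the PC because both sit in 192.168.1.0/24, so the Fritzbox only ever sees one direction of the flow.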