Netgate Discussion Forum
    No outbound connection from 2nd WAN subnet

    4 Posts 2 Posters 574 Views
      BlueSun

      Our datacenter has assigned 2 IP subnets for our servers. pfSense is set up in bridge mode (i.e. LAN + WAN are tied to bridge0).

      SubnetA = x.y.z.120/29

      SubnetB = x.y.z.208/28

      pfSense is set up on x.y.z.122

      All servers on SubnetA can access anything on the internet, and internet clients can access the servers, i.e. browse to http://x.y.z.125, etc.

      A new server is set up on x.y.z.211, and I can SSH to / ping x.y.z.211 from the internet. But x.y.z.211, and 3 other servers with different OSes (as a test), cannot ping 8.8.8.8 or the gateway x.y.z.209, or even SSH to an IP on the internet.

      What am I missing?

      (image: pfsense1.jpg)

        viragomann @BlueSun

        @bluesun
        The destination 0.0.0.0/24 in the outbound NAT rule does not include 8.8.8.8, so no translation for this IP.
        Set it to any, or 0.0.0.0/0 if you like numbers.

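To make the point in the reply above concrete, here is an added example (not from the thread or from pfSense) that evaluates a small outbound NAT rule list with first-match semantics and shows why a destination of 0.0.0.0/24 never matches 8.8.8.8 while 0.0.0.0/0 does. The x.y.z.* addresses are redacted in the thread, so the 203.0.113.* values, the rule names and the assumed layout (SubnetA rule already "any", SubnetB rule with the /24 mistake) are constructed stand-ins.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins (TEST-NET-3) for the redacted x.y.z.* addresses in the thread.
PFSENSE_WAN = "203.0.113.122"
SUBNET_A = "203.0.113.120/29"   # existing servers, e.g. .123 / .125
SUBNET_B = "203.0.113.208/28"   # new servers, e.g. .211 / .212


@dataclass(frozen=True)
class OutboundNatRule:
    name: str
    source: str        # CIDR of internal hosts the rule applies to
    destination: str   # CIDR of destinations; "any" is shorthand for 0.0.0.0/0
    nat_address: str   # address the source is translated to

    def matches(self, src: str, dst: str) -> bool:
        dst_cidr = "0.0.0.0/0" if self.destination == "any" else self.destination
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_cidr))


def translate(rules, src: str, dst: str) -> Optional[tuple]:
    """First matching rule wins (pfSense outbound NAT order); None means no translation."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.name, rule.nat_address
    return None


def destination_span(cidr: str) -> tuple:
    """First and last address a destination CIDR actually covers."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


# Assumed rule layout matching the thread: SubnetB rule with destination 0.0.0.0/24.
BROKEN = [
    OutboundNatRule("subnetA-out", SUBNET_A, "any", PFSENSE_WAN),
    OutboundNatRule("subnetB-out", SUBNET_B, "0.0.0.0/24", PFSENSE_WAN),
]
# Corrected layout: destination any / 0.0.0.0/0 on the SubnetB rule.
FIXED = [
    OutboundNatRule("subnetA-out", SUBNET_A, "any", PFSENSE_WAN),
    OutboundNatRule("subnetB-out", SUBNET_B, "0.0.0.0/0", PFSENSE_WAN),
]

if __name__ == "__main__":
    print("0.0.0.0/24 covers", destination_span("0.0.0.0/24"))      # ('0.0.0.0', '0.0.0.255')
    print("broken:", translate(BROKEN, "203.0.113.211", "8.8.8.8"))  # None
    print("fixed: ", translate(FIXED, "203.0.113.211", "8.8.8.8"))   # ('subnetB-out', '203.0.113.122')
```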
          BlueSun @viragomann

          @viragomann Thank you. I have changed the subnet to /0, but that doesn't seem to help either.

          Something interesting I picked up:

          When pinging the IP from a random internet host, the ping looks normal:

          root@mercury:[~]$ ping x.y.z.211
          PING x.y.z.212 (x.y.z..211) 56(84) bytes of data.
          64 bytes from x.y.z.211 icmp_seq=1 ttl=59 time=1.81 ms
          64 bytes from x.y.z.211: icmp_seq=2 ttl=59 time=1.85 ms
          64 bytes from x.y.z.211: icmp_seq=3 ttl=59 time=1.77 ms

          But, pinging the IP address from PFsense, I get the following:

          [2.5.2-RELEASE][XXX@PFS.LOCAL]/: ping x.y.z.211
          PING x.y.z.211 (x.y.z.211): 56 data bytes
          36 bytes from x.y.z..121: Time to live exceeded
          Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
           4  5  00 0054 a9a3   0 0000  01  01 e469 x.y.z.122  x.y.z.211
          
          36 bytes from x.y.z.211: Time to live exceeded
          Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
           4  5  00 0054 a9a3   0 0000  01  01 e469 x.y.z.122 x.y.z.211
          
          36 bytes from x.y.z.211: Time to live exceeded
          Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
           4  5  00 0054 a39e   0 0000  01  01 ea6e x.y.z.122  x.y.z.211
          
          ^C
          --- x.y.z.211 ping statistics ---
          6 packets transmitted, 0 packets received, 100.0% packet loss

          Pinging another host in SubnetA, from PFsense, looks like this:

          [2.5.2-RELEASE][XXX@PFS.LOCAL]/: ping x.y.z.211 x.y.z.123
          PING x.y.z.1233 (x.y.z.123): 56 data bytes
          64 bytes from x.y.z.123: icmp_seq=0 ttl=64 time=0.601 ms
          64 bytes from x.y.z.123: icmp_seq=1 ttl=64 time=0.382 ms
          64 bytes from x.y.z.123: icmp_seq=2 ttl=64 time=0.467 ms
          ^C
          --- x.y.z.123 ping statistics ---
          3 packets transmitted, 3 packets received, 0.0% packet loss
          round-trip min/avg/max/stddev = 0.382/0.483/0.601/0.090 ms

          I set up another VM, x.y.z.212, and x.y.z.211 and x.y.z.212 can ping each other. I can ping both x.y.z.211 and x.y.z.212 from the internet.

            BlueSun

            I found the problem.

            (image: 0089fae6-f2a8-405d-818d-8a40648a0bf7-image.png)

            The virtual machine can now access the internet.
