windows clients can only ping gateway
-
Check the ARP table if it's locally attached. It really wants to use UPnP though.
If there are no states or blocked traffic from a test client and the error it shows is a timeout where is it sending pings?
You might have something blocking it and not logging like Snort or Suricata maybe?
-
@stephenw10 said in windows clients can only ping gateway:
Check the ARP table if it's locally attached. It really wants to use UPnP though.
If there are no states or blocked traffic from a test client and the error it shows is a timeout where is it sending pings?
You might have something blocking it and not logging like Snort or Suricata maybe?
It's not in the ARP table.
I don't have anything like that. My LAN consists of 2 pfSense routers, 4 Ubiquiti APs, 1 AP and a UniFi controller running on a Raspberry Pi.
-
Run a pcap. What MAC address is it coming from? If that's another router check there to see where it's being routed from.
Steve
-
@stephenw10 said in windows clients can only ping gateway:
Run a pcap. What MAC address is it coming from? If that's another router check there to see where it's being routed from.
Steve
I get
11:24:12.375776 c8:3a:35:f1:9f:08 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 440: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 426)
    192.168.2.1.3213 > 239.255.255.250.1900: [udp sum ok] UDP, length 398
11:24:12.483271 c8:3a:35:f1:9f:08 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 440: (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 426)
    192.168.2.1.3213 > 239.255.255.250.1900: [udp sum ok] UDP, length 398
So the MAC of the device is c8:3a:35:f1:9f:08 and the MAC of the interface it's trying to reach is 01:00:5e:7f:ff:fa, right?
I can't find any device or interface in my ARP and DHCP tables. I checked some devices manually too to see if it was them, and I can't find a device that matches this MAC.
-
@elliopitas said in windows clients can only ping gateway:
01:00:5e
Is a multicast MAC; you're not going to find that in your ARP table. But the other one, c8:3a:35, is the Tenda company; they make networking gear. https://www.tendacn.com/us/default.html
MAC Address Details
Company: Tenda Technology Co., Ltd.
Address: Shenzhen Guandong 518057 CHINA
Range: C8:3A:35:00:00:00 - C8:3A:35:FF:FF:FF
Type: IEEE MA-L
-
@johnpoz said in windows clients can only ping gateway:
@elliopitas said in windows clients can only ping gateway:
01:00:5e
Is a multicast MAC; you're not going to find that in your ARP table. But the other one, c8:3a:35, is the Tenda company; they make networking gear. https://www.tendacn.com/us/default.html
MAC Address Details
Company: Tenda Technology Co., Ltd.
Address: Shenzhen Guandong 518057 CHINA
Range: C8:3A:35:00:00:00 - C8:3A:35:FF:FF:FF
Type: IEEE MA-L
OK, found the device and fixed it, but the problem still persists.
-
If everything is configured with the same subnet size then your problem is probably in the switch. That traffic should be going directly between clients. If it's using wifi then check client isolation.
Steve
-
@stephenw10 said in windows clients can only ping gateway:
If everything is configured with the same subnet size then your problem is probably in the switch. That traffic should be going directly between clients. If it's using wifi then check client isolation.
Steve
Wi-Fi isolation is not enabled, the clients can ping each other on Wi-Fi, and the switch is working fine, since the printer and my Linux laptop that are also connected to the same switch have no problems.
I will back up the configuration and reset the router. I can't figure out what else to do.
-
I wouldn't expect that to make any difference since that traffic doesn't go through the router at all.
If other devices can ping them then they are able to reply. It's almost certainly some Windows issue locally.
Steve
-
OK, so I solved the problem...
idk why I didn't do this earlier, but I checked the ARP table of the computers that were not working and the MAC didn't match my router.
Turns out that my brother's switch killed itself and decided to give itself statically the same IP as the router, ARP poisoning the network so the computers could only access devices in the same subnet.
idk why this affected only Windows devices.
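
The check that resolved this thread, comparing the gateway's MAC in each client's ARP table against the router's real MAC, as an added example that is not part of the original posts. It parses Windows `arp -a` output and skips group (multicast/broadcast) MACs such as 01:00:5e:7f:ff:fa; the host names, the 192.168.1.x addresses and the unicast MACs are constructed sample values.

```python
import re

# One entry line of Windows `arp -a` output: IP, dash-separated MAC, type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def norm_mac(mac):
    """Normalise aa-bb-.. or AA:BB:.. to lower-case colon form."""
    return mac.lower().replace("-", ":")

def is_group_mac(mac):
    """I/G bit (lowest bit of the first octet) set means multicast or
    broadcast: a destination, never a host that owns an IP."""
    return int(norm_mac(mac)[:2], 16) & 1 == 1

def parse_arp_a(text):
    """Return {ip: mac} for unicast entries in one host's `arp -a` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and not is_group_mac(m.group(2)):
            entries[m.group(1)] = norm_mac(m.group(2))
    return entries

def check_gateway(hosts, gateway_ip, expected_mac):
    """hosts maps host name -> `arp -a` text. Returns {host: observed_mac}
    for every host whose gateway entry is not the router's real MAC."""
    expected = norm_mac(expected_mac)
    bad = {}
    for host, text in hosts.items():
        seen = parse_arp_a(text).get(gateway_ip)
        if seen is not None and seen != expected:
            bad[host] = seen
    return bad

# Constructed sample output from two clients (not taken from the thread).
SAMPLE_OK = """
Interface: 192.168.1.50 --- 0x5
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
"""
SAMPLE_BAD = SAMPLE_OK.replace("00-11-22-33-44-55", "66-77-88-99-aa-bb")

if __name__ == "__main__":
    hosts = {"pc-ok": SAMPLE_OK, "pc-bad": SAMPLE_BAD}
    for host, mac in check_gateway(hosts, "192.168.1.1", "00:11:22:33:44:55").items():
        print(f"{host}: gateway 192.168.1.1 resolves to {mac}, not the router")
```

A mismatch reported by several clients for the same observed MAC points at one device answering ARP for the gateway address; that MAC's vendor prefix can then be looked up the same way as in the thread.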